Sihem
We have already some user contributed mediators for access control. Its
pretty easy to implement. The problem is really in tying into a backend. One
option I guess we could consider is using the WSO2 UserManager library which
is an open source library to backends like LDAP.
I also believe that there is built-in Kerberos support in the JDK so for
that aspect we could use that.
How about we create an authentication model like this:
<authenticate>
<provider class="org.apache.synapse.authenticators.kerberos">
<property name="token" expression="/xpath/to/token/element"/>
</provider>
<onFail>
<sequence ref="authfailed"/>
</onFail>
</authenticate>
>From this we can create a set of "authentication providers". These can
simply be classes that have properties injected from the message and return
a boolean.
I guess we could model them on the POJO command stuff maybe. I'm not exactly
sure the exact model, but its seems like it would be nice to have a tiny bit
of framework here.
Paul
On Dec 10, 2007 12:10 PM, Sihem <[EMAIL PROTECTED]> wrote:
> Hello!
> I would like to know whether the access control functionnality will be
> added in the next synapse release. Because I would like synapse to extract a
> kerberos token from the client message and use it to determine if the client
> is allowed to access the final web service.
> Thank you by advance!
> sihem
>
>
> ---------------------------------
> Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail
>
--
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair
blog: http://pzf.fremantle.org
[EMAIL PROTECTED]
"Oxygenating the Web Service Platform", www.wso2.com
