Also, I noticed some discussions about the CXF webservice using JAAS authentication and how it doesn't forward the credentials to the CXF-BC. I thought I did see however that someone said that the credentials are still recognized in Servicemix for that exchange. My question then, is that if someone authenticates to the CXF consumer endpoint, and specifies some parameter that causes an exchange to be sent to another service for processing, will the credentials of the user who accessed the CXF webservice, be enforced by activemq when accessing any other services in that servicemix container? Or is it that once the person passes the authentication in the CXF consumer endpoint, then no restrictions are put on the message exchange that continues on to another service for processing? Such as if you setup certain uses to be able to hit a certain internal endpoint in security.xml. Will that be enforced for the user who is identfied by the CXF BC? Or do you have to intercept those credentials, and attach them to the message and then verify them on the internal service independently?
Thanks! Ryan On Tue, Jul 28, 2009 at 11:12 AM, Ryan Moquin <[email protected]>wrote: > In servicemix, is there anyway to encrypt the password in the > users-passwords.properties file? Is there a way to put the security > credentials such as users, roles and passwords into a database or some other > store so that it would be easier to manage those credentials? Is that > something you would plug a custom AuthenticationService into security.xml > for? Or are there other options available for security.xml that aren't as > obvious? > > Thanks! > Ryan >
