cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Re: Move JAX-RS claims classes to frontend independent module rt/security
Date Thu, 29 Mar 2012 12:00:02 GMT
Hi Oli

thanks for initiating this thread

On 29/03/12 07:06, Oliver Wulff wrote:
> Hi all
> I'd like to start working on the RBAC (see mail "Role based access control with SAML
in CXF") and the Claims support for JAX-WS. Sergey has already implemented that for JAX-RS.
> I'd propose to move these classes (claims, annotations) to a frontend independent module
like rt/security thus it can be used by JAX-WS and JAX-RS. To get this done for 2.6 would
be very good. Otherwise, we can do this for 2.7 earliest. I'd like to avoid in having different
Claims classes for the same purpose when using JAX-RS or JAX-WS.
> What do you think?

I think it might be a bit tight to get both the annotations & the actual 
data classes representing Claims given that at the moment Claims data 
classes used within the JAX-RS frontend are different from the ones 
available in the WS Security module.

We have 3 pieces to deal with:
- Annotations (visible at the application code level) [1]
- ClaimsAuthorizingInterceptor which enforces those annotations against 
the incoming claims data available at runtime
- The actual Claim classes keeping the info about the claims

Moving Annotations to the common package can be done quickly enough that 
would let us have the JAX-WS & JAX-RS code using the same visible 
The interim solution for JAX-WS then is to provide its own 
ClaimsAuthorizingInterceptor which will operate on WS specific Claim 
classes. And then we can introduce at some stage the common interceptor 
once we 'merge' the Claim data classes, I'd be OK adapting JAX-RS Claim 
classes as close as possible to WS ones.

But let me move the annotations first. Who knows may be we will also be 
able to merge Claim data classes before 2.6 is out :-)

Thanks, Sergey


> Thanks
> Oli
> ------
> Oliver Wulff
> Blog:<>
> Solution Architect
> <>Talend Application Integration Division

Sergey Beryozkin

Talend Community Coders


View raw message