cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Wulff <>
Subject REST security enhancements
Date Wed, 05 Feb 2014 19:56:30 GMT
Hi there

For the REST services of the Fediz IDP I'd like to support initially three security use cases.

1) Basic Authentication, Username/Password validated against the STS
2) Basic Authentication, Username/Password validated with JAAS
3) SAML token in Basic Authorization header

In CXF 3.0, each REST security interceptor enforces the security credentials it supports.
Therefore, you can't just configure all interceptors like:

The interceptors should not throw an exception but instead assert the token (similar the policy)
and finally an interceptor checks whether one token was provided and successfully validated.

Other ideas?



Oliver Wulff

Solution Architect

<>Talend Application Integration Division

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message