cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-4495) Extend SimpleAuthorizingInterceptor to check only configured roles
Date Wed, 05 Sep 2012 15:11:07 GMT

     [ https://issues.apache.org/jira/browse/CXF-4495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-4495.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.7.0
                   2.6.3
         Assignee: Sergey Beryozkin
    
> Extend SimpleAuthorizingInterceptor to check only configured roles
> ------------------------------------------------------------------
>
>                 Key: CXF-4495
>                 URL: https://issues.apache.org/jira/browse/CXF-4495
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Andrei Shakirin
>            Assignee: Sergey Beryozkin
>            Priority: Minor
>             Fix For: 2.6.3, 2.7.0
>
>         Attachments: cxf-rt-core-SimpleAuthorizingInInterceptor.patch
>
>
> Hi,
> Actually SimpleAuthorizingInterceptor works only with prepared SecurityContext (with resolved roles). Configured user roles map is checked only additionally to roles in context. It is possible to restrict access in configuration, but not extend it.
> I see some use cases, where checking only configured roles also makes sense in SimpleAuthorizingInterceptor. Sample is authentication using SAML assertion without role assertion attribute and without TLS.
> Proposal is to introduce boolean property "checkConfiguredRolesOnly" in SimpleAuthorizingInterceptor. If property is true, only configured roles will be checked, isUserInRole for SecurityContext will not be called.
> By default property will be deactivated.
> Patch is attached.
> Regards,
> Andrei.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
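
The decision described in the issue above, as an added example that is not part of the original message and is not CXF source code: a stand-alone Java model of how "checkConfiguredRolesOnly" changes the outcome. The class, method and parameter names are hypothetical, the BiPredicate stands in for SecurityContext.isUserInRole, the users and roles are constructed, and denying access when the flag is set but no roles are configured is an assumption of this model.

```java
import java.util.List;
import java.util.Map;
import java.util.function.BiPredicate;

public class ConfiguredRolesCheck {

    // Hypothetical model, not the CXF implementation.
    // contextHasRole stands in for SecurityContext.isUserInRole(role).
    static boolean authorize(String user,
                             List<String> requiredRoles,
                             BiPredicate<String, String> contextHasRole,
                             Map<String, List<String>> configuredUserRoles,
                             boolean checkConfiguredRolesOnly) {
        // Default behaviour: the security context must already grant a required role.
        if (!checkConfiguredRolesOnly
                && requiredRoles.stream().noneMatch(r -> contextHasRole.test(user, r))) {
            return false;
        }
        if (configuredUserRoles.isEmpty()) {
            // Assumption: with the flag set and nothing configured, deny (fail closed).
            return !checkConfiguredRolesOnly;
        }
        // The configured map can only narrow access by default;
        // with the flag set it is the sole source of roles.
        List<String> roles = configuredUserRoles.get(user);
        return roles != null && requiredRoles.stream().anyMatch(roles::contains);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, List<String>> configured = Map.of("alice", List.of("clerk"));
        List<String> required = List.of("clerk");
        // Context without roles, as with a SAML assertion that has no role attribute.
        BiPredicate<String, String> noRoles = (u, r) -> false;
        // Context that grants every role, to show the map restricting access.
        BiPredicate<String, String> anyRole = (u, r) -> true;

        // Flag off, context has no roles: denied before the map is consulted.
        System.out.println(authorize("alice", required, noRoles, configured, false));
        // Flag on: the configured role alone grants access.
        System.out.println(authorize("alice", required, noRoles, configured, true));
        // Flag on, user absent from the map: denied.
        System.out.println(authorize("bob", required, noRoles, configured, true));
        // Flag off, context grants the role, map lacks the user: denied.
        System.out.println(authorize("bob", required, anyRole, configured, false));
    }
}
```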
