cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: doc or examples using XACML from WSDL
Date Thu, 03 Jan 2013 11:44:15 GMT
Hi Gavin,

I haven't documented the XACML stuff yet. I'm not sure if the functionality
implemented as part of CXF-4657 meets your requirements exactly.
Essentially what's there is to take a Principal name + roles from the
runtime security context, and package it up in an XACML Request with an
Action + Resource to a PDP for an authorization decision. This
functionality is provided by an interceptor which is abstract, as there is
no standard PDP interface. Therefore you need to subclass the interceptor
to actually make the invocation to a PDP, which can be a JAX-WS/JAX-RS/etc
service.

Colm.

On Sun, Dec 30, 2012 at 2:13 PM, Gavin Sutcliffe <
gavin_j_sutcliffe@yahoo.com> wrote:

> Hello,
>
> I have an existing web service
> that has some simple security policy defined in the WSDL, where it
> expects a number of claims to come through from LDAP. That's all working
> fine, but I'd like to pass those claims to a XACML PDP and not try to make
> the decision there in the WSDL.
>
> I see some pieces of support for requests to a XACML PDP from a CXF web
> service (CXF-4657) and I have looked at some of the source in systests and
> in the org.apache.cxf.rt.security.xacml package. So I have a general
> understanding of what is there, and the systests show how the messages
> flow. What I'm missing is how to tie all this into a web service through
> WSDL and/or config xml files. Is there any doc or example of that? Can I do
> the XACML request initiation and decision consumption from within the WSDL?
> Or do I need custom interceptors?
>
>
> Thanks,
>
> - Gavin
>
>
> -------------------
> Gavin J. Sutcliffe




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
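
The pattern described in the reply above, as an added standalone Java sketch (not CXF code and not written by anyone in this thread): an abstract enforcement point packages principal, roles, resource and action into a request, and a subclass supplies the PDP call. All class, method and resource names here are hypothetical, and the in-memory PDP and its policy are constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

// Standalone model of the pattern; none of these types are CXF classes.
public class XacmlInterceptorSketch {
    enum Decision { PERMIT, DENY, INDETERMINATE, NOT_APPLICABLE }

    // Hypothetical stand-in for the XACML Request (subject, roles, resource, action).
    record AuthzRequest(String principal, Set<String> roles, String resource, String action) {}

    // Abstract because there is no standard PDP interface: the subclass makes the call.
    abstract static class AbstractAuthorizingInterceptor {
        protected abstract Decision askPdp(AuthzRequest request) throws Exception;

        // Inputs come from the runtime security context and the invoked operation.
        final void handle(String principal, Set<String> roles, String resource, String action) {
            if (principal == null || principal.isEmpty()) {
                throw new SecurityException("Unauthorized: no authenticated principal");
            }
            Decision decision;
            try {
                decision = askPdp(new AuthzRequest(principal, Set.copyOf(roles), resource, action));
            } catch (Exception e) {
                decision = Decision.INDETERMINATE; // PDP unreachable or failed
            }
            // Fail closed: only an explicit Permit lets the invocation continue.
            if (decision != Decision.PERMIT) {
                throw new SecurityException("Unauthorized: PDP returned " + decision);
            }
        }
    }

    // Constructed in-memory PDP; a real subclass would call a remote PDP service here.
    static class InMemoryPdpInterceptor extends AbstractAuthorizingInterceptor {
        private final Map<String, Set<String>> rolesByTarget;
        InMemoryPdpInterceptor(Map<String, Set<String>> policy) { this.rolesByTarget = policy; }

        @Override
        protected Decision askPdp(AuthzRequest r) {
            Set<String> allowed = rolesByTarget.get(r.resource() + "#" + r.action());
            if (allowed == null) return Decision.NOT_APPLICABLE;
            return r.roles().stream().anyMatch(allowed::contains) ? Decision.PERMIT : Decision.DENY;
        }
    }

    public static void main(String[] args) {
        var pep = new InMemoryPdpInterceptor(Map.of("urn:example:OrderService#cancel", Set.of("manager")));
        pep.handle("alice", Set.of("manager"), "urn:example:OrderService", "cancel"); // holds the role
        try { pep.handle("bob", Set.of("clerk"), "urn:example:OrderService", "cancel"); }
        catch (SecurityException e) { System.out.println("bob: " + e.getMessage()); }
    }
}
```

Treating NotApplicable, Indeterminate and PDP errors the same as Deny keeps the service from falling open when the policy has no matching rule or the PDP is unavailable.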
