You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@servicemix.apache.org by Guillaume Nodet <gn...@gmail.com> on 2007/11/16 16:43:29 UTC
Re: CXF Security context
Imho, we should support it somehow.
It should be quite easy to do as the only things to do are:
* delegate authentication to JAAS configured in servicemix
* put the authenticated subject in the JBI exchange
It we do that, we should be able to use servicemix authorization mechanism.
Thoughts ?
On Nov 16, 2007 3:36 AM, Freeman Fang <fr...@iona.com> wrote:
> Hi,
>
> We don't support getting security context from the normalized message so
> far, since ws-security is based on soap binding , but the normalized
> message used for service pojo inside cxfse is based on jbi binding. All
> ws-security feature is handled in cxf-bc, which means we support
> ws-security between endpoint outside jbi container and the cxf bc, but
> not inside jbi container.
>
> Best Regards
> Freeman
>
>
> depstei2 wrote:
> > Once the cxf-bc has authenticated an incoming message, the message is
> sent to
> > my cxf service engine. How does one go about getting the security
> context
> > from the normalized message if the headers are stripped out? In
> standalone
> > cxf, you can grab the wsContext inside your service implementation pojo.
> Is
> > there a way to inject the cxfse wsContext into your service pojo?
> >
> >
>
--
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/