You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by janb <ja...@sopera.com> on 2011/09/26 13:14:06 UTC

Role Information in SAML Token

Hi,

I was wondering about Java EE Security Support in CXF. More particular, I
would like to know, if Role Information from an SAML Token is available in
the Security Context?

If a CXF Provider receives a SAML Token including all asigned roles of a
given user, could I use Java EE Security Annotations, or
javax.xml.ws.WebServiceContext.isUserInRole(role) to check for a certain
role?

Kind regards,
Jan



--
View this message in context: http://cxf.547215.n5.nabble.com/Role-Information-in-SAML-Token-tp4841005p4841005.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Role Information in SAML Token

Posted by Sergey Beryozkin <sb...@gmail.com>.

Hi

Some code is already available to support RBAC and a completely 
different Claims based authorization - right now the question is how to 
make sure it can be shared by SOAP-based and JAX-RS based endpoints, but 
it will be there

Cheers, Sergey

On 26/09/11 12:14, janb wrote:
> Hi,
>
> I was wondering about Java EE Security Support in CXF. More particular, I
> would like to know, if Role Information from an SAML Token is available in
> the Security Context?
>
> If a CXF Provider receives a SAML Token including all asigned roles of a
> given user, could I use Java EE Security Annotations, or
> javax.xml.ws.WebServiceContext.isUserInRole(role) to check for a certain
> role?
>
> Kind regards,
> Jan
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Role-Information-in-SAML-Token-tp4841005p4841005.html
> Sent from the cxf-user mailing list archive at Nabble.com.