Posted to users@servicemix.apache.org by "david.brossard" <da...@gmail.com> on 2010/12/08 11:57:16 UTC

Re: Authorization based on XACML

You can create your own Policy Enforcement Point (PEP) for ServiceMix which
will look at the JBI object, extract any values you need (as Freeman points
out), and map them to XACML attributes. You then need to create a XACML
request and send it to your external authorization service.

Using the same pattern I've written a simple PEP for Apache CXF using
Axiomatics's XACML API.

For instance, in the CXF PEP I wrote, I focus on the
org.apache.cxf.message.Message object. The Authorization call is built as a
handler class which extends
org.apache.cxf.phase.AbstractPhaseInterceptor<Message>.

In the handleMessage(Message message) method, I then start inspecting the
Message object and extracting the values I am interested in.

Example:

        // 2. about the resource
        String address = message.getDestination().getAddress().getAddress().getValue();
        AttributeValue aValue = new StringAttribute(address);
        Attribute resourceAddress = new com.axiomatics.xacml.ctx.Attribute(
                URI.create("com.apache.cxf:address"), issuer, aValue);
        resourceAttributes.add(resourceAddress);

Once you've collected all the XACML attributes you are interested in, you
can create the request to the AuthZ service.

David. [http://www.webfarmr.eu]
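
The PEP flow described in the message above (collect attributes, build the XACML request, ask the authorization service, enforce the answer), as an added example that is not part of the original post and does not use Axiomatics's API. It assumes a XACML 2.0 request context and a hypothetical `Pdp` interface standing in for the external service; all sample values are constructed, and anything other than an explicit Permit is treated as a denial.

```java
import java.util.Map;
// Added sketch of a deny-biased PEP. The Pdp interface and all names are hypothetical.
public class XacmlPepSketch {
    static final String CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
    static final String XS_STRING = "http://www.w3.org/2001/XMLSchema#string";
    enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE }
    // Stand-in for the external authorization service (hypothetical interface).
    interface Pdp { Decision evaluate(String xacmlRequest) throws Exception; }

    // Attribute values come from the message, so escape them before embedding in XML.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;");
    }

    static String category(String element, Map<String, String> attrs) {
        StringBuilder sb = new StringBuilder("<" + element + ">");
        for (Map.Entry<String, String> a : attrs.entrySet()) {
            sb.append("<Attribute AttributeId=\"").append(esc(a.getKey()))
              .append("\" DataType=\"").append(XS_STRING).append("\"><AttributeValue>")
              .append(esc(a.getValue())).append("</AttributeValue></Attribute>");
        }
        return sb.append("</").append(element).append(">").toString();
    }

    static String buildRequest(Map<String, String> subject, Map<String, String> resource,
                               Map<String, String> action) {
        return "<Request xmlns=\"" + CTX_NS + "\">" + category("Subject", subject)
             + category("Resource", resource) + category("Action", action)
             + "<Environment/></Request>";
    }

    // Deny-biased enforcement: only an explicit Permit lets the message through.
    static boolean isAllowed(Pdp pdp, String request) {
        try {
            return pdp.evaluate(request) == Decision.PERMIT;
        } catch (Exception e) {
            return false; // PDP unreachable or failed: fail closed
        }
    }

    public static void main(String[] args) {
        String req = buildRequest(  // constructed sample values
            Map.of("urn:oasis:names:tc:xacml:1.0:subject:subject-id", "alice"),
            Map.of("com.apache.cxf:address", "http://localhost:8080/orders?a=1&b=<2>"),
            Map.of("urn:oasis:names:tc:xacml:1.0:action:action-id", "invoke"));
        System.out.println(req);
        Pdp stub = r -> Decision.INDETERMINATE; // constructed stub PDP
        System.out.println("allowed = " + isAllowed(stub, req));
    }
}
```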