You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2011/04/19 21:58:05 UTC
[jira] [Created] (CXF-3462) Provide CXF interceptor making it easy
to use STS for validating BasicAuth info
Provide CXF interceptor making it easy to use STS for validating BasicAuth info
-------------------------------------------------------------------------------
Key: CXF-3462
URL: https://issues.apache.org/jira/browse/CXF-3462
Project: CXF
Issue Type: New Feature
Components: WS-* Components
Affects Versions: 2.4
Reporter: Sergey Beryozkin
Fix For: 2.4.1
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-3462) Provide CXF interceptor making it
easy to use STS for validating BasicAuth info
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022125#comment-13022125 ]
Sergey Beryozkin commented on CXF-3462:
---------------------------------------
It is the latter.
Using service-side callback handlers and STS for validating the basic auth info is kind of orthogonal to each other, but as it happend, STSTokenValidator which uses STSClient is implemented as a callback handler, or WSS4J Validator.
The goal is to ensure HTTPS protected endpoints (JAX-RS or JAX-WS ones not relying on WS-Sec) can utilize STS (when dictated by the internal sec policy) for validating the tokens and even more importantly, getting SAML tokens back which can be used for subsequent authorization decisions
> Provide CXF interceptor making it easy to use STS for validating BasicAuth info
> -------------------------------------------------------------------------------
>
> Key: CXF-3462
> URL: https://issues.apache.org/jira/browse/CXF-3462
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Sergey Beryozkin
> Fix For: 2.4.1
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-3462) Provide CXF interceptor making it
easy to use STS for validating BasicAuth info
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022130#comment-13022130 ]
Sergey Beryozkin commented on CXF-3462:
---------------------------------------
Actually, we are talking about STS generating a SAML token too, so if it is what you meant by the former then yes to that too
> Provide CXF interceptor making it easy to use STS for validating BasicAuth info
> -------------------------------------------------------------------------------
>
> Key: CXF-3462
> URL: https://issues.apache.org/jira/browse/CXF-3462
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Sergey Beryozkin
> Fix For: 2.4.1
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-3462) Provide CXF interceptor making it easy
to use STS for validating BasicAuth info
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-3462.
-----------------------------------
Resolution: Fixed
Assignee: Sergey Beryozkin
> Provide CXF interceptor making it easy to use STS for validating BasicAuth info
> -------------------------------------------------------------------------------
>
> Key: CXF-3462
> URL: https://issues.apache.org/jira/browse/CXF-3462
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 2.4.1
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-3462) Provide CXF interceptor making it
easy to use STS for validating BasicAuth info
Posted by "Glen Mazza (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022119#comment-13022119 ]
Glen Mazza commented on CXF-3462:
---------------------------------
What are the benefits of having an STS validate BasicAuth info? Is this for Token issuance (i.e., after validating via Basic Auth the STS will generate a token to the client) or just pure validation ("Yup. That username/password combo is good.") without a token being generated? If the former, I think WS-Trust would require upgrading to UsernameToken (not just basic auth), and there may be legitimate security reasons for that. If the latter, that would seem to be outside the scope of the STS (there's normally service-side callback handlers that can be used for that type of validation.)
> Provide CXF interceptor making it easy to use STS for validating BasicAuth info
> -------------------------------------------------------------------------------
>
> Key: CXF-3462
> URL: https://issues.apache.org/jira/browse/CXF-3462
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Sergey Beryozkin
> Fix For: 2.4.1
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira