You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@synapse.apache.org by Sihem <st...@yahoo.fr> on 2007/12/10 13:10:56 UTC

Access control

Hello!
I would like to know whether the access control functionnality will be added in the next synapse release. Because I would like synapse to extract a kerberos token from the client message and use it to determine if the client is allowed to access the final web service.
Thank you by advance!
sihem

             
---------------------------------
 Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail

Re: RE : Re: Access control

Posted by Paul Fremantle <pz...@gmail.com>.
Sihem

I'm sorry I should have included the link:

http://issues.apache.org/jira/browse/SYNAPSE-50

We really should have included this in a "contributions" directory. I will
make sure we put one in place before the next release.

Paul

On Dec 11, 2007 8:26 AM, Sihem <st...@yahoo.fr> wrote:

> Hello,
> can you tell me what are these user contributed mediators for access
> control ? Because I have found nothing about that on the web.
> Thanks!
> Sihem
>
> Paul Fremantle <pz...@gmail.com> a écrit : Sihem
>
> We have already some user contributed mediators for access control. Its
> pretty easy to implement. The problem is really in tying into a backend.
> One
> option I guess we could consider is using the WSO2 UserManager library
> which
> is an open source library to backends like LDAP.
>
> I also believe that there is built-in Kerberos support in the JDK so for
> that aspect we could use that.
>
> How about we create an authentication model like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
> From this we can create a set of "authentication providers". These can
> simply be classes that have properties injected from the message and
> return
> a boolean.
> I guess we could model them on the POJO command stuff maybe. I'm not
> exactly
> sure the exact model, but its seems like it would be nice to have a tiny
> bit
> of framework here.
>
> Paul
>
>
> On Dec 10, 2007 12:10 PM, Sihem  wrote:
>
> > Hello!
> > I would like to know whether the access control functionnality will be
> > added in the next synapse release. Because I would like synapse to
> extract a
> > kerberos token from the client message and use it to determine if the
> client
> > is allowed to access the final web service.
> > Thank you by advance!
> > sihem
> >
> >
> > ---------------------------------
> >  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> > Mail
> >
>
>
>
> --
> Paul Fremantle
> Co-Founder and VP of Technical Sales, WSO2
> OASIS WS-RX TC Co-chair
>
> blog: http://pzf.fremantle.org
> paul@wso2.com
>
> "Oxygenating the Web Service Platform", www.wso2.com
>
>
>
>
> ---------------------------------
>  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail
>



-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

RE : Re: Access control

Posted by Sihem <st...@yahoo.fr>.
Hello,
can you tell me what are these user contributed mediators for access control ? Because I have found nothing about that on the web.
Thanks!
Sihem

Paul Fremantle <pz...@gmail.com> a écrit : Sihem

We have already some user contributed mediators for access control. Its
pretty easy to implement. The problem is really in tying into a backend. One
option I guess we could consider is using the WSO2 UserManager library which
is an open source library to backends like LDAP.

I also believe that there is built-in Kerberos support in the JDK so for
that aspect we could use that.

How about we create an authentication model like this:


   

       

   

   
      
   


>From this we can create a set of "authentication providers". These can
simply be classes that have properties injected from the message and return
a boolean.
I guess we could model them on the POJO command stuff maybe. I'm not exactly
sure the exact model, but its seems like it would be nice to have a tiny bit
of framework here.

Paul


On Dec 10, 2007 12:10 PM, Sihem  wrote:

> Hello!
> I would like to know whether the access control functionnality will be
> added in the next synapse release. Because I would like synapse to extract a
> kerberos token from the client message and use it to determine if the client
> is allowed to access the final web service.
> Thank you by advance!
> sihem
>
>
> ---------------------------------
>  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail
>



-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com



             
---------------------------------
 Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail

Re: Access control

Posted by Paul Fremantle <pz...@gmail.com>.
Sihem

We have already some user contributed mediators for access control. Its
pretty easy to implement. The problem is really in tying into a backend. One
option I guess we could consider is using the WSO2 UserManager library which
is an open source library to backends like LDAP.

I also believe that there is built-in Kerberos support in the JDK so for
that aspect we could use that.

How about we create an authentication model like this:

<authenticate>
   <provider class="org.apache.synapse.authenticators.kerberos">
       <property name="token" expression="/xpath/to/token/element"/>
   </provider>
   <onFail>
      <sequence ref="authfailed"/>
   </onFail>
</authenticate>

>From this we can create a set of "authentication providers". These can
simply be classes that have properties injected from the message and return
a boolean.
I guess we could model them on the POJO command stuff maybe. I'm not exactly
sure the exact model, but its seems like it would be nice to have a tiny bit
of framework here.

Paul


On Dec 10, 2007 12:10 PM, Sihem <st...@yahoo.fr> wrote:

> Hello!
> I would like to know whether the access control functionnality will be
> added in the next synapse release. Because I would like synapse to extract a
> kerberos token from the client message and use it to determine if the client
> is allowed to access the final web service.
> Thank you by advance!
> sihem
>
>
> ---------------------------------
>  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail
>



-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

Re: Access control

Posted by Paul Fremantle <pz...@gmail.com>.
Sihem

We have already some user contributed mediators for access control. Its
pretty easy to implement. The problem is really in tying into a backend. One
option I guess we could consider is using the WSO2 UserManager library which
is an open source library to backends like LDAP.

I also believe that there is built-in Kerberos support in the JDK so for
that aspect we could use that.

How about we create an authentication model like this:

<authenticate>
   <provider class="org.apache.synapse.authenticators.kerberos">
       <property name="token" expression="/xpath/to/token/element"/>
   </provider>
   <onFail>
      <sequence ref="authfailed"/>
   </onFail>
</authenticate>

>From this we can create a set of "authentication providers". These can
simply be classes that have properties injected from the message and return
a boolean.
I guess we could model them on the POJO command stuff maybe. I'm not exactly
sure the exact model, but its seems like it would be nice to have a tiny bit
of framework here.

Paul


On Dec 10, 2007 12:10 PM, Sihem <st...@yahoo.fr> wrote:

> Hello!
> I would like to know whether the access control functionnality will be
> added in the next synapse release. Because I would like synapse to extract a
> kerberos token from the client message and use it to determine if the client
> is allowed to access the final web service.
> Thank you by advance!
> sihem
>
>
> ---------------------------------
>  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail
>



-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com