You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by yanherrera <ya...@yahoo.es> on 2010/11/18 10:09:05 UTC
Authorization based on XACML
Hello everyone,
I'm trying to include authorization based on XACML in ServiceMix.
We have some web service through a CXF-BC and we want to carry out the
authorization through XACML. Is it possible? Is their any tutorial to help
me do it?
Thanks in advance
Juan José
--
View this message in context: http://servicemix.396122.n5.nabble.com/Authorization-based-on-XACML-tp3270448p3270448.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Authorization based on XACML
Posted by "david.brossard" <da...@gmail.com>.
You can create your own Policy Enforcement Point (PEP) for ServiceMix which
will look at the JBI object, extract any value (as Freeman points out) you
need in and map them to XACML attributes. You then need to create a XACML
request and send it to your external authorization service.
Using the same pattern I've written a simple PEP for Apache CXF using
Axiomatics's XACML API.
For instance, in the CXF PEP I wrote, I focus on the
org.apache.cxf.message.Message object. The Authorization call is built as a
handler class which extends
org.apache.cxf.phase.AbstractPhaseInterceptor<Message>.
In the handleMessage(Message message) method, I then start inspecting the
Message object and extracting value I am interested in.
Example:
// 2. about the resource
String address =
message.getDestination().getAddress().getAddress().getValue();
AttributeValue aValue = new StringAttribute(address);
Attribute resourceAddress = new
com.axiomatics.xacml.ctx.Attribute(URI.create("com.apache.cxf:address"),
issuer, aValue);
resourceAttributes.add(resourceAddress);
Once you've collected all the XACML attributes you are interested in, you
can create the request to the AuthZ service.
David. [http://www.webfarmr.eu]
--
View this message in context: http://servicemix.396122.n5.nabble.com/Authorization-based-on-XACML-tp3270448p3297173.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Authorization based on XACML
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I don't know so much about XACML, but if it's element stored in soap
message, then you can always extract it and write a custom
interceptor to save it in JBI MessageExchange as property, which could
be used later anywhere in JBI container.
We have several threads on this maillinglist to discuss how to do it
with ws-security headers, you may need search and see if it helps for
your scenario,
Freeman
On 2010-11-18, at 下午5:09, yanherrera wrote:
>
> Hello everyone,
>
> I'm trying to include authorization based on XACML in ServiceMix.
>
> We have some web service through a CXF-BC and we want to carry out
> the
> authorization through XACML. Is it possible? Is their any tutorial
> to help
> me do it?
>
> Thanks in advance
>
> Juan José
> --
> View this message in context: http://servicemix.396122.n5.nabble.com/Authorization-based-on-XACML-tp3270448p3270448.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Freeman Fang
------------------------
FuseSource: http://fusesource.com
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org