You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2010/04/06 18:11:34 UTC
[jira] Commented: (CXF-2754) Extend WS-Security component for
higher level containers be able to use UsernameToken to authenticate a
user and populate SecurityContext
[ https://issues.apache.org/jira/browse/CXF-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854038#action_12854038 ]
Daniel Kulp commented on CXF-2754:
----------------------------------
Note: with 2.2.7, if ONLY using UsernameToken policy, there is a new set of interceptors that is used instead of the WSS4JInInterceptor (or subclasses). It might be possible to extend that somehow as a starting point.
> Extend WS-Security component for higher level containers be able to use UsernameToken to authenticate a user and populate SecurityContext
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-2754
> URL: https://issues.apache.org/jira/browse/CXF-2754
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.3, 2.2.8
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 2.3, 2.2.8
>
>
> By default, WSS4JInInterceptor relies on CallbackHandlers to provide or validate a password for handling digests and clear-texts respectively.
> Also, the default SecurityContext is partially populated and thus can not be used for the authorization decisions.
> Higher level containers should be able to delegate to their own subsystems for authenticating a user and populating SecurityContext
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.