Posted to users@camel.apache.org by huntc <hu...@mac.com> on 2009/03/26 00:57:31 UTC

Re: Is security support planned (JAAS, ACEGI, ...)

I'd like to dig up this old post in order to debate the topic of identity.
More specifically what can be done to identify a consumer of a service
provided by Camel, and then filter what this principal is allowed to see?
Sounds like the JAAS domain but I've not yet got my head around how this
should be applied to Camel provider endpoints. Any thoughts?

On one of the other questions:


cmoulliard wrote:
> 
> - Authorize client to use services onto the bus. This point is probably
> out of scope for Camel but it should be interesting also to have a
> processor allowing to verify that the client can use or not a service
> (like from().authorize()). You can argue that we can achieve this by
> intercepting the data transfer and check all the security stuff outside of
> camel or servicemix using Tivoli or equivalent solutions.
> 
This can be done with AMQ at least - see my blog on
authentication/authorisation:

http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html



Re: Is security support planned (JAAS, ACEGI, ...)

Posted by Pawel Jasinski <pa...@gmail.com>.
Hi,

I have put together a simple consumer, Camel (acting as intermediary)
and provider.
CXF+WSS4J provide the basis. Identity is delivered with SAML and
extracted into the exchange (available to Camel components). On the to-do
list is to put together authorization based on PERMIS. In principle:
service name, operation name, and client identity serve as a basis for
the authorization decision.


--pawel

On Thu, Mar 26, 2009 at 12:57 AM, huntc <hu...@mac.com> wrote:
>
> I'd like to dig up this old post in order to debate the topic of identity.
> More specifically what can be done to identify a consumer of a service
> provided by Camel, and then filter what this principal is allowed to see?
> Sounds like the JAAS domain but I've not yet got my head around how this
> should be applied to Camel provider endpoints. Any thoughts?
>
> On one of the other questions:
>
>
> cmoulliard wrote:
>>
>> - Authorize client to use services onto the bus. This point is probably
>> out of scope for Camel but it should be interesting also to have a
>> processor allowing to verify that the client can use or not a service
>> (like from().authorize()). You can argue that we can achieve this by
>> intercepting the data transfer and check all the security stuff outside of
>> camel or servicemix using Tivoli or equivalent solutions.
>>
> This can be done with AMQ at least - see my blog on
> authentication/authorisation:
>
> http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html
>



-- 
pawel
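
The authorization step discussed in this thread (a processor in the route that decides on service name, operation name and client identity), as an added example; it is not code from any poster or from the Camel project. It assumes camel-core on the classpath, and the header names and the in-memory policy map are hypothetical stand-ins for whatever the SAML extraction step and the policy engine actually provide.

```java
import java.util.Map;
import java.util.Set;

import org.apache.camel.Exchange;
import org.apache.camel.Processor;

/**
 * Deny-by-default authorization step for a Camel route (added example).
 * The headers must be set by the step that validates the SAML assertion;
 * caller-supplied copies have to be stripped before that step runs.
 */
public class AuthorizeProcessor implements Processor {
    static final String SUBJECT = "example.auth.subject"; // hypothetical header name
    static final String SERVICE = "example.auth.service"; // hypothetical header name
    static final String OPERATION = "operationName";      // assumed to carry the operation

    // Policy: service -> operation -> identities allowed to invoke it.
    private final Map<String, Map<String, Set<String>>> policy;

    public AuthorizeProcessor(Map<String, Map<String, Set<String>>> policy) {
        this.policy = policy;
    }

    /** Pure decision function: anything missing or unlisted is denied. */
    boolean isAllowed(String service, String operation, String subject) {
        if (service == null || operation == null || subject == null) {
            return false;
        }
        Map<String, Set<String>> operations = policy.get(service);
        if (operations == null) {
            return false;
        }
        Set<String> allowed = operations.get(operation);
        return allowed != null && allowed.contains(subject);
    }

    @Override
    public void process(Exchange exchange) {
        String subject = exchange.getIn().getHeader(SUBJECT, String.class);
        String service = exchange.getIn().getHeader(SERVICE, String.class);
        String operation = exchange.getIn().getHeader(OPERATION, String.class);
        if (!isAllowed(service, operation, subject)) {
            // Throwing stops the route before the provider endpoint is reached.
            throw new SecurityException("access denied: subject=" + subject
                    + " service=" + service + " operation=" + operation);
        }
    }
}
```

In a route it sits between the consumer endpoint and the provider, for example `from(...).process(new AuthorizeProcessor(policy)).to(...)`, so a denied exchange never reaches the provider.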