synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Fremantle" <>
Subject Re: Access control
Date Mon, 10 Dec 2007 12:48:09 GMT

We have already some user contributed mediators for access control. Its
pretty easy to implement. The problem is really in tying into a backend. One
option I guess we could consider is using the WSO2 UserManager library which
is an open source library to backends like LDAP.

I also believe that there is built-in Kerberos support in the JDK so for
that aspect we could use that.

How about we create an authentication model like this:

   <provider class="org.apache.synapse.authenticators.kerberos">
       <property name="token" expression="/xpath/to/token/element"/>
      <sequence ref="authfailed"/>

>From this we can create a set of "authentication providers". These can
simply be classes that have properties injected from the message and return
a boolean.
I guess we could model them on the POJO command stuff maybe. I'm not exactly
sure the exact model, but its seems like it would be nice to have a tiny bit
of framework here.


On Dec 10, 2007 12:10 PM, Sihem <> wrote:

> Hello!
> I would like to know whether the access control functionnality will be
> added in the next synapse release. Because I would like synapse to extract a
> kerberos token from the client message and use it to determine if the client
> is allowed to access the final web service.
> Thank you by advance!
> sihem
> ---------------------------------
>  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail

Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2


"Oxygenating the Web Service Platform",

View raw message