synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Fremantle" <pzf...@gmail.com>
Subject Re: Access control
Date Mon, 10 Dec 2007 12:48:09 GMT
Sihem

We have already some user contributed mediators for access control. Its
pretty easy to implement. The problem is really in tying into a backend. One
option I guess we could consider is using the WSO2 UserManager library which
is an open source library to backends like LDAP.

I also believe that there is built-in Kerberos support in the JDK so for
that aspect we could use that.

How about we create an authentication model like this:

<authenticate>
   <provider class="org.apache.synapse.authenticators.kerberos">
       <property name="token" expression="/xpath/to/token/element"/>
   </provider>
   <onFail>
      <sequence ref="authfailed"/>
   </onFail>
</authenticate>

>From this we can create a set of "authentication providers". These can
simply be classes that have properties injected from the message and return
a boolean.
I guess we could model them on the POJO command stuff maybe. I'm not exactly
sure the exact model, but its seems like it would be nice to have a tiny bit
of framework here.

Paul


On Dec 10, 2007 12:10 PM, Sihem <stfleche@yahoo.fr> wrote:

> Hello!
> I would like to know whether the access control functionnality will be
> added in the next synapse release. Because I would like synapse to extract a
> kerberos token from the client message and use it to determine if the client
> is allowed to access the final web service.
> Thank you by advance!
> sihem
>
>
> ---------------------------------
>  Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
> Mail
>



-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

Mime
View raw message