path: root/site/trunk/site-publish/documentation-2x/sca-java-bindinghttp-security-policy-section.html
blob: b92c64e3eda129acb9550e31f1d62e424a2d9618 (plain)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
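    <HEAD>
        <!-- Declare the encoding first so the parser never has to guess it while reading the title and metadata. -->
        <META http-equiv="Content-Type" content="text/html;charset=UTF-8">
        <TITLE>SCA Java binding.http security policy section : Apache Tuscany</TITLE>
        <META name="description" content="Apache Tuscany">
        <META name="keywords" content="apache, apache tuscany, tuscany, service, services, fabric, soa, service oriented architecture,  sca, service component architecture, das, sdo, csa, ruby, opensource">

        <!-- NOTE(review): this stylesheet is requested over plain http. When the page itself is served
             over https the browser treats it as mixed content, and the response is not integrity
             protected in transit. Switch to an https URL once the host is confirmed to serve one. -->
        <LINK type="text/css" rel="stylesheet" href="http://tuscany.apache.org/stylesheets/default.css">
        <LINK rel="SHORTCUT ICON" href="https://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x/$images/favicon.ico">

        <!-- Spacing for the table-of-contents tree; STYLE belongs inside HEAD, not between HEAD and BODY. -->
        <STYLE type="text/css">
         .spacetree * ul {
            padding-left:0px;
            margin-left: 0px;
         }
         .spacetree * li {
            margin-left: 5px;
            padding-left:5px;
         }
        </STYLE>
    </HEAD>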

    <BODY onload="init()">
            <!-- topNav -->
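    <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
      <TR class="topBar">
        <!-- Breadcrumb trail; the duplicated align attribute was dropped, since only the first occurrence is honoured. -->
        <TD align="left" valign="middle" class="topBarDiv" nowrap="">
          <A href="https://cwiki.apache.org/geronimo"> Home</A> &gt;&nbsp;<A href="index.html" title="Apache Tuscany Docs 2.x">Apache Tuscany Docs 2.x</A>&nbsp;&gt;&nbsp;<A href="index.html" title="Index">Index</A>&nbsp;&gt;&nbsp;<A href="sca-java-extensions-guide.html" title="SCA Java Extensions Guide">SCA Java Extensions Guide</A>&nbsp;&gt;&nbsp;<A href="" title="SCA Java binding.http security policy section">SCA Java binding.http security policy section</A>
        </TD>
        <TD align="right" valign="middle" nowrap="">
          <!-- Site search: submit the query over https so the search terms are not sent in clear text. -->
          <FORM name="search" action="https://www.google.com/search" method="get">
            <INPUT type="hidden" name="ie" value="UTF-8">
            <INPUT type="hidden" name="oe" value="UTF-8">
            <INPUT type="hidden" name="domains" value="">
            <INPUT type="hidden" name="sitesearch" value="">
            <INPUT type="text" name="q" maxlength="255" value="">
            <INPUT type="submit" name="btnG" value="Google Search">
          </FORM>
        </TD>
      </TR>
    </TABLE>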

        
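    <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
        <TR class="topBar">
            <!-- Second breadcrumb row, without the leading Home link. -->
            <TD align="left" valign="middle" class="topBarDiv" nowrap="true" width="100%">
                &nbsp;<A href="index.html" title="Apache Tuscany Docs 2.x">Apache Tuscany Docs 2.x</A>&nbsp;&gt;&nbsp;<A href="index.html" title="Index">Index</A>&nbsp;&gt;&nbsp;<A href="sca-java-extensions-guide.html" title="SCA Java Extensions Guide">SCA Java Extensions Guide</A>&nbsp;&gt;&nbsp;<A href="" title="SCA Java binding.http security policy section">SCA Java binding.http security policy section</A>
            </TD>

            <!-- Project links. The cell carried align="right" and align="left"; parsers keep the
                 first occurrence, so the contradictory second one was removed. -->
            <TD align="right" valign="middle" class="topBarDiv" nowrap="true">
            <A href="http://tuscany.apache.org/">Tuscany Home</A> | <A href="http://mail-archives.apache.org/mod_mbox/tuscany-user">User List</A> | <A href="http://mail-archives.apache.org/mod_mbox/tuscany-dev">Dev List</A> | <A href="http://issues.apache.org/jira/browse/Tuscany">Issue Tracker</A>&nbsp;&nbsp;
            </TD>
        </TR>
    </TABLE>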

        <TABLE border="0" cellpadding="0" width="100%" bgcolor="#FFFFFF">
            <TR>
                <TD valign="top" align="left" width="22%" bgcolor="#F9F9F9" class="noprint">
                        <DIV class="tabletitle">Table of Contents</DIV>
        <DIV class="spacetree">
            
            
            </DIV>
                </TD>
                <TD align="left" valign="top" width="78%">
                        <!-- pageContent -->
    <DIV id="PageContent">
      <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
        <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
        <!--img src="http://geronimo.apache.org/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
        <DIV style="margin: 0px 10px 0px 10px" class="smalltext">Apache Tuscany Docs 2.x</DIV>
        <DIV style="margin: 0px 10px 8px 10px" class="pagetitle">SCA Java binding.http security policy section</DIV>

        <DIV class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
<!-- -->         
            <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=5964967">
            <IMG src="http://geronimo.apache.org/images/icons/notep_16.gif" height="16" width="16" border="0" align="absmiddle" title="Edit Page"></A>
            <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=5964967">Edit Page</A>
          &nbsp;
          <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=TUSCANYxDOCx2x">
            <IMG src="http://geronimo.apache.org/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Browse Space"></A>
            <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=TUSCANYxDOCx2x">Browse Space</A>
          &nbsp;
          <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=TUSCANYxDOCx2x&fromPageId=5964967">
            <IMG src="http://geronimo.apache.org/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"></A>
          <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=TUSCANYxDOCx2x&fromPageId=5964967">Add Page</A>
          &nbsp;
          <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=TUSCANYxDOCx2x&fromPageId=5964967">
            <IMG src="http://geronimo.apache.org/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"></A>
          <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=TUSCANYxDOCx2x&fromPageId=5964967">Add News</A>
<!-- -->	 
        </DIV>
      </DIV>

      <DIV class="pagecontent">
        <DIV class="wiki-content">
          <H3><A name="SCAJavabinding.httpsecuritypolicysection-SecurityPolicysupportinHTTPandWeb2.0Bindings"></A>Security Policy support in HTTP and Web 2.0 Bindings</H3>

<DIV class="panelMacro"><TABLE class="infoMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD>work in progress</TD></TR></TABLE></DIV>

<H3><A name="SCAJavabinding.httpsecuritypolicysection-Scenarios"></A>Scenarios</H3>

<UL>
	<LI>A Web 2.0 application requires that a user be authenticated before accessing the application.</LI>
	<LI>A Web 2.0 application requires that all communication between client and server use SSL.</LI>
	<LI>A given service, exposed using a Web 2.0 binding, requires user authentication.</LI>
	<LI>A given operation, exposed using a Web 2.0 binding, requires user authentication.</LI>
</UL>


<H3><A name="SCAJavabinding.httpsecuritypolicysection-PolicyInterceptor"></A>Policy Interceptor</H3>

<P>The design approach being considered is to inject policy security interceptors that properly validate and enforce the security intents.<BR>
Authentication will be performed by JAAS modules; initially we would support authenticating against a list of username/password pairs supplied by the application, or against an LDAP directory.</P>


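<!-- Design diagram for the interceptor approach; the alt text is taken from the image file name. -->
<P><SPAN class="image-wrap" style="display: block; text-align: center"><IMG src="sca-java-bindinghttp-security-policy-section.data/policy_interceptors_high_level_design.jpg" alt="High-level design of the policy interceptors" style="border: 0px solid black"></SPAN></P>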

        </DIV>

              </DIV>
    </DIV>
                </TD>
            </TR>
        </TABLE>

            <!-- footer -->
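    <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
        <TR>
          <TD align="left" valign="middle" class="footer">
            &nbsp;&nbsp;
            <!-- Both share pop-ups are opened with "noopener" so the third-party page receives no
                 window.opener reference to this document, and both handlers return false so the
                 click does not also follow the link in the current window. -->
            <IMG src="http://static.delicious.com/img/delicious.small.gif" height="10" width="10" alt="Delicious">
            <A href="http://delicious.com/save" onclick="window.open('http://delicious.com/save?v=5&noui&jump=close&url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title),'delicious','noopener,toolbar=no,width=550,height=550'); return false;">Bookmark this on Delicious</A>
            &nbsp;&nbsp;
            <IMG src="http://digg.com/img/badges/16x16-digg-guy.gif" width="16" height="16" alt="Digg!">
            <!-- The href used to be empty, so a click opened the pop-up and then reloaded this page. -->
            <A href="http://digg.com/submit" onclick="window.open('http://digg.com/submit?url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title)+'&topic=programming','_blank','noopener'); return false;">Digg this</A>
            <!-- Slicker, but no text
            <script type="text/javascript">
              digg_skin = 'icon';
              digg_window = 'new';
              digg_title = 'Apache Geronimo v2.2 Documentation : SCA Java binding.http security policy section';
              digg_topic = 'programming';
            </script>
            <script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
            -->
            &nbsp;&nbsp;
          </TD>
          <TD align="right" valign="middle" class="footer">
            <A href="http://cwiki.apache.org/GMOxPMGT/geronimo-privacy-policy.html">Privacy Policy</A>&nbsp;&nbsp;-&nbsp;&nbsp;
            Copyright &copy; 2003-2010, The Apache Software Foundation, Licensed under <A href="http://www.apache.org/licenses/LICENSE-2.0">ASL 2.0.</A>&nbsp;&nbsp;
          </TD>
        </TR>
    </TABLE>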

    </BODY>
</HTML>