From 200a40b332420f94992eb39a6d0ea1cf1490ffc4 Mon Sep 17 00:00:00 2001 From: coreyg Date: Fri, 21 Nov 2014 09:30:19 +0000 Subject: Adding tuscany's website to their svn repo for svnpubsub git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1640879 13f79535-47bb-0310-9956-ffa450edef68 --- ...a-java-bindinghttp-security-policy-section.html | 131 +++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 site/trunk/site-publish/sca-java-bindinghttp-security-policy-section.html (limited to 'site/trunk/site-publish/sca-java-bindinghttp-security-policy-section.html') diff --git a/site/trunk/site-publish/sca-java-bindinghttp-security-policy-section.html b/site/trunk/site-publish/sca-java-bindinghttp-security-policy-section.html new file mode 100644 index 0000000000..c612ee198b --- /dev/null +++ b/site/trunk/site-publish/sca-java-bindinghttp-security-policy-section.html @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + Apache Tuscany : SCA Java binding.http security policy section + + + + + + + + + + + + + + + +
+ + + + +   + +
+ + +
+
+ + + + + + + + + +
+  Apache Tuscany > Home > SCA Overview > SCA Java > Java SCA Documentation Menu > SCA Java binding.http security policy section + + User List | Dev List | Issue Tracker   +
+ + + + + + + +
+ + +
+ +
+
+

Security Policy support in HTTP and Web 2.0 Bindings

+ +
work in progress
+ +

Scenarios

+ +
    +
  • A Web 2.0 application requires that a user get authenticated before it can access the application.
  • +
  • A Web 2.0 application requires that all communication between client/server be done using SSL.
  • +
  • A given service, exposed using a web 2.0 binding requires user authentication.
  • +
  • A given operation, exposed using a web 2.0 binding requires user authentication.
  • +
+ + +

Policy Interceptor

+ +

The design approach that is being considered is to inject policy security interceptors, that would properly validate and enforce the security intents.
+The authentication will be done using JAAS modules for authentication, and initially we would support authenticating to a list of username/password supplied by the application or using an LDAP.

+ +

+
+
+
+ + +
+ + + + + + website stats + + + + + + -- cgit v1.2.3