HomeApache Tuscany Docs 2.x > Index > SCA Java Extensions Guide > SCA Java binding.http security policy section
 Apache Tuscany Docs 2.x > Index > SCA Java Extensions Guide > SCA Java binding.http security policy section Tuscany Home | User List | Dev List | Issue Tracker  
Table of Contents

Security Policy support in HTTP and Web 2.0 Bindings

work in progress

Scenarios

  • A Web 2.0 application requires that a user get authenticated before it can access the application.
  • A Web 2.0 application requires that all communication between client/server be done using SSL.
  • A given service, exposed using a web 2.0 binding requires user authentication.
  • A given operation, exposed using a web 2.0 binding requires user authentication.

Policy Interceptor

The design approach that is being considered is to inject policy security interceptors, that would properly validate and enforce the security intents.
The authentication will be done using JAAS modules for authentication, and initially we would support authenticating to a list of username/password supplied by the application or using an LDAP.