<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<!-- generateKeywords macro -->
<META name="description" content="Apache Tuscany">
<META name="keywords" content="apache, apache tuscany, tuscany, service, services, fabric, soa, service oriented architecture, sca, service component architecture, das, sdo, csa, ruby, opensource">
<!-- generateKeywords macro end -->
<LINK type="text/css" rel="stylesheet" href="http://tuscany.apache.org/stylesheets/default.css">
<LINK rel="SHORTCUT ICON" href="https://cwiki.apache.org/confluence/display/TUSCANY/$images/favicon.ico">
<TITLE>Apache Tuscany : SCA Java binding.http security policy section</TITLE>
<META http-equiv="Content-Type" content="text/html;charset=UTF-8"></HEAD>
<BODY onload="init()">
<TABLE border="0" cellpadding="0" width="100%" bgcolor="#FFFFFF">
<TR>
<TD align="left" valign="top">
<!-- pageContent macro -->
<DIV id="PageContent">
<DIV class="pagecontent">
<DIV class="wiki-content">
<H3><A name="SCAJavabinding.httpsecuritypolicysection-SecurityPolicysupportinHTTPandWeb2.0Bindings"></A>Security Policy support in HTTP and Web 2.0 Bindings</H3>
<DIV class="panelMacro"><TABLE class="infoMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD>work in progress</TD></TR></TABLE></DIV>
<H3><A name="SCAJavabinding.httpsecuritypolicysection-Scenarios"></A>Scenarios</H3>
<UL>
<LI>A Web 2.0 application requires that a user be authenticated before accessing the application.</LI>
<LI>A Web 2.0 application requires that all communication between client and server use SSL.</LI>
<LI>A given service, exposed using a Web 2.0 binding, requires user authentication.</LI>
<LI>A given operation, exposed using a Web 2.0 binding, requires user authentication.</LI>
</UL>
<H3><A name="SCAJavabinding.httpsecuritypolicysection-PolicyInterceptor"></A>Policy Interceptor</H3>
<P>The design approach under consideration is to inject security policy interceptors that validate and enforce the security intents.<BR>
Authentication will be done using JAAS modules; initially we would support authenticating against a list of usernames and passwords supplied by the application, or against LDAP.</P>
<P><SPAN class="image-wrap" style="display: block; text-align: center"><IMG src="sca-java-bindinghttp-security-policy-section.data/high_level_design.jpg" style="border: 0px solid black"></SPAN></P>
</DIV>
</DIV>
</DIV>
<!-- pageContent macro end -->
</TD>
</TR>
</TABLE>
<!-- footer macro -->
<DIV class="footer">
Copyright &copy; 2003-2012, The Apache Software Foundation <BR>
Apache Tuscany and the Apache Tuscany project logo are trademarks of The Apache Software Foundation.
</DIV>
<!-- footer macro end -->
</BODY>
</HTML>