• Post Reply Bookmark Topic Watch Topic
  • New Topic

Authorization with Axis2/Rampart

 
G.I. Gurdjieff
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everybody. What are the options for developing an rbac (role based access control) or any other authorization (not authentication) policy with an axis2 service with rampart? Basically we have to types of users: basic or enterprise; we have a service which offers some operations and we want to keep some operations aviable only to enterprise users. The service is deployed in Tomcat7. I had thought abut using Saml + Xacml but for what I've read rampart doesn't support this option. Thank you so much.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WS-Security doesn't handle authorization, so you're basically on your own to look up the user's permissions and have the code act accordingly.
 
G.I. Gurdjieff
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:WS-Security doesn't handle authorization, so you're basically on your own to look up the user's permissions and have the code act accordingly.


What do you think about using Apache Shiro to handle this problems? Is it possible to make it work with Axis2? Thank you
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can probably make it work, but since you wouldn't use it for authentication, my gut feeling is that using it for authorization would be rather more work than implementing programmatic authorization in your own code.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!