[GSoC] [IS] WS-Trust Implementation for IS 6.0.0

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[GSoC] [IS] WS-Trust Implementation for IS 6.0.0


Outcome of our previous meetings
  1. We decided to use cxf SecurityTokenServiceProvider [1] class as the entry point of the STS implementation. Since SecurityTokenServiceProvider is not thread safe we have to create a new instance for each incoming request.
  2. When it comes to Policy Enforcement we'll be using message properties to override the default behaviour cxf policy framework. By using message properties we can dynamically change effective security policies.
  3. All components including Token Providers, Claim Manager, Static Property Provider will be plugged into the SecurityTokenServiceProvider programmatically (without using spring XML)

SecurityTokenServiceProvider uses a WebServiceContext. Since our intention is to delegate only the Soap Message to STS (since we're not using web services coupled with STS) we'll have to write a mock class for WebServiceContext (not finalised)

[1] https://github.com/apache/cxf/blob/master/rt/ws/security/src/main/java/org/apache/cxf/ws/security/sts/provider/SecurityTokenServiceProvider.java

Best Regards
Isuranga Perera

Dev mailing list
[hidden email]