2 Replies Latest reply on Feb 15, 2010 8:30 AM by soshah

Security using JBoss Authz in a Web Services based SOA approach

sourab Feb 1, 2010 6:30 AM

Hi,

We are working on a solution based on Web Services based Service Oriented Architecture, which comprises of a collection of Web Services catering to multiple clients - desktop, mobile, web consoles, etc., for various business needs. The clients can communicate with any of the Web Services and the services can communicate with one another for acheiving the application functionalities. We are trying to integrate JBoss Authz in the server side for providing permission based access to the client side users.
As each of the Services cater to different business needs, it would not be right to provide a single web service interface and expose all the underlying services methods in the enforcement and provisioning layer. Is it possible to build an independent enforcement and policy provisioning layer for all the web services?. Can you provide inputs on how we can achieve security using JBoss authorization concepts in a Web Services based SOA approach?

Thanks,

Balaji

1. Re: Security using JBoss Authz in a Web Services based SOA approach

sourab Feb 14, 2010 11:54 PM (in response to sourab)

The sample application(src/samples/secure-pojo) in the authz-1.0.alpha1 only explained about security for the jar application. Can you please provide me the samples to do in web application(web services)?. Also I want to know how to start the PDP for web application as it was deployed in the JBoss application server?.
Please correct me if I understood the concept wrongly.

Thanks,
Balaji
Actions
2. Re: Security using JBoss Authz in a Web Services based SOA approach

soshah Feb 15, 2010 8:30 AM (in response to sourab)

Balaji-

For the web layer I would recommend taking a look at the Http profile located here:

http://anonsvn.jboss.org/repos/jbossidentity/authz/trunk/http-profile

Its still in development mode but should give you a start

Thanks
Sohil
Actions

Go to original post