4 Replies Latest reply on Jun 11, 2012 5:21 AM by Radomír Kadlec

    How to make authorization on endpoints working

    Radomír Kadlec Newbie

      Hello,

       

      I will use authorization on my cxfbc:consumer endpoints. So I will order diffrent user roles to my endpoints to allow the access only for users owning the dedicated role.

       

      I use DefaultAuthorizationEntry in the Spring configuration as described in this manual:

      http://servicemix.apache.org/SMX4NMR/5-security.html

       

      At first I created a new DefaultAuthorizationEntry with type="Remove" to remove the default authorization entry for endpoint="*".

       

      Then in my second DefaultAuthorizationEntry I entered the name of my endpoint to be authorized in the "endpoint" property.

      But the DefaultAuthorizationService did not find any matching endpoint to my entry.

       

      In the debugging mode I realized, the authorization service compares the entered endpoint name with a generated endpoint id. No wonder, no matching endpoins are found.

       

      It seems, there is a BUG in the authorization process in ServiceMix.

      See FlowRegistryImpl line 93, where the endpoint id instaed of endpoint name is used to call authorizationService.getAcls.

       

      I use the newest apache-servicemix-4.4.1-fuse-06-03 and osgi deployment.

       

      Thank you for any tips, how to make the authorization working.

      Radomir