4 Replies Latest reply on Jun 11, 2012 5:21 AM by radomir.kadlec

    How to make authorization on endpoints working




      I will use authorization on my cxfbc:consumer endpoints. So I will order diffrent user roles to my endpoints to allow the access only for users owning the dedicated role.


      I use DefaultAuthorizationEntry in the Spring configuration as described in this manual:



      At first I created a new DefaultAuthorizationEntry with type="Remove" to remove the default authorization entry for endpoint="*".


      Then in my second DefaultAuthorizationEntry I entered the name of my endpoint to be authorized in the "endpoint" property.

      But the DefaultAuthorizationService did not find any matching endpoint to my entry.


      In the debugging mode I realized, the authorization service compares the entered endpoint name with a generated endpoint id. No wonder, no matching endpoins are found.


      It seems, there is a BUG in the authorization process in ServiceMix.

      See FlowRegistryImpl line 93, where the endpoint id instaed of endpoint name is used to call authorizationService.getAcls.


      I use the newest apache-servicemix-4.4.1-fuse-06-03 and osgi deployment.


      Thank you for any tips, how to make the authorization working.