I don't know much about XACML, but if it's an element stored in the SOAP
message, then you can always extract it and write a custom
interceptor to save it in the JBI MessageExchange as a property, which could
be used later anywhere in the JBI container.
We have several threads on this mailing list discussing how to do it
with WS-Security headers; you may need to search and see if it helps for
On 2010-11-18, at 5:09 PM, yanherrera wrote:
> Hello everyone,
> I'm trying to include authorization based on XACML in ServiceMix.
> We have some web service through a CXF-BC and we want to carry out
> authorization through XACML. Is it possible? Is there any tutorial
> to help
> me do it?
> Thanks in advance
> Juan José
> View this message in context: http://servicemix.396122.n5.nabble.com/Authorization-based-on-XACML-tp3270448p3270448.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
You can create your own Policy Enforcement Point (PEP) for ServiceMix which will look at the JBI object, extract any values you need (as Freeman points out) and map them to XACML attributes. You then need to create an XACML request and send it to your external authorization service.
Using the same pattern I've written a simple PEP for Apache CXF using Axiomatics's XACML API.
For instance, in the CXF PEP I wrote, I focus on the org.apache.cxf.message.Message object. The Authorization call is built as a handler class which extends org.apache.cxf.phase.AbstractPhaseInterceptor<Message>.
In the handleMessage(Message message) method, I then start inspecting the Message object and extracting the values I am interested in.
// 2. about the resource
String address = message.getDestination().getAddress().getAddress().getValue();
AttributeValue aValue = new StringAttribute(address);
Attribute resourceAddress = new com.axiomatics.xacml.ctx.Attribute(URI.create("com.apache.cxf:address"), issuer, aValue);
Once you've collected all the XACML attributes you are interested in, you can create the request to the AuthZ service.
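
A PEP interceptor along the lines discussed in this thread, as an added example that is not code from either poster and does not use the Axiomatics API: it collects the caller and the destination address, writes a plain XACML 2.0 request context with the JDK's XMLStreamWriter, and lets the call through only on an explicit Permit. The class name, the `Pdp` interface, the "anonymous" subject fallback and the empty Action element are assumptions made for the illustration.

```java
import java.io.StringWriter;
import javax.xml.stream.*;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.*;
import org.apache.cxf.security.SecurityContext;

public class XacmlPepInterceptor extends AbstractPhaseInterceptor<Message> {
    public interface Pdp { String decide(String xacmlRequest) throws Exception; } // hypothetical PDP client
    private final Pdp pdp;
    public XacmlPepInterceptor(Pdp pdp) {
        super(Phase.PRE_INVOKE); // inbound chain, before the service is invoked
        this.pdp = pdp;
    }
    @Override
    public void handleMessage(Message message) throws Fault {
        boolean permit = false; // fail closed: only an explicit Permit passes
        try {
            SecurityContext sc = message.get(SecurityContext.class);
            String subject = (sc == null || sc.getUserPrincipal() == null)
                    ? "anonymous" : sc.getUserPrincipal().getName();
            String address = message.getDestination().getAddress().getAddress().getValue();
            permit = "Permit".equals(pdp.decide(buildRequest(subject, address)));
        } catch (Exception e) { /* missing data or PDP failure: permit stays false */ }
        if (!permit) throw new Fault(new SecurityException("Access denied by policy"));
    }

    static String buildRequest(String subject, String address) throws XMLStreamException {
        StringWriter out = new StringWriter();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out);
        w.writeStartElement("Request");
        w.writeDefaultNamespace("urn:oasis:names:tc:xacml:2.0:context:schema:os");
        attr(w, "Subject", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", subject);
        attr(w, "Resource", "com.apache.cxf:address", address); // attribute id used in the post
        w.writeEmptyElement("Action");      // the 2.0 schema requires both elements,
        w.writeEmptyElement("Environment"); // even when they carry no attributes
        w.writeEndDocument(); // closes <Request>
        w.flush();
        return out.toString();
    }
    private static void attr(XMLStreamWriter w, String cat, String id, String val) throws XMLStreamException {
        w.writeStartElement(cat);
        w.writeStartElement("Attribute");
        w.writeAttribute("AttributeId", id);
        w.writeAttribute("DataType", "http://www.w3.org/2001/XMLSchema#string");
        w.writeStartElement("AttributeValue");
        w.writeCharacters(val); // escapes <, > and & in message-derived values
        for (int i = 0; i < 3; i++) w.writeEndElement(); // AttributeValue, Attribute, category
    }
}
```

Deny, NotApplicable and Indeterminate are all treated as a refusal here, so a PDP outage blocks calls rather than opening the service.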