Page Comparison

Fabric3 includes an extensible security framework that supports implements authentication and authorization. Authentication is typically specified as a policy intent on a binding part of binding (remote communications) configuration to perform client, server, or mutual authentication. When a client is authenticated, a security subject is associated with request messages sent by the client. This security subject can then be used to authorize access to service operations based on roles.

The security provider varies by runtime. The Standalone, Maven, and Ant runtimes are configured by default to use a basic security provider. The Tomcat runtime is configured with a provider that delegates to Tomcat security realms. There is also a Fabric3 extension that uses Spring Security, which can be installed in any of the Fabric3 runtimes.

...

When installed, Fabric3 transparently associates the Spring Security provider with application contexts that are configured as SCA components. To enable authorization for Spring beans contained in those application contexts, use the Spring Security elements as in any typical Spring application. The following is an example that enables authorization on all Spring beans. Note that namespace declarations have been omitted from the <beans> element:
<beans xmlns=http://www.springframework.org/schema/beans ...>
<security:global-method-security
pre-post-annotations="enabled"/>
<sca:service name="SecureTestService"
target="SpringSecureService"/>
<bean name="SpringSecureService"
class="org.fabric3.sample.SomeSpringBean"/>
</beans>
For more information, refer to the Spring Security reference. Similarly, the WebLogic runtime delegates to WebLogic's security infrastructure.

Note there is also a Fabric3 security provider extension that uses Spring Security. This provider can be used in any of the Fabric3 runtimes.

The following sections detail how to enable security in application code and create custom security providers: