Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current Restore this Version View Page History

« Previous Version 4 Next »

Fabric3 includes an extensible security framework that implements authentication and authorization. Authentication is typically specified as a policy intent on a binding to perform client, server, or mutual authentication. When a client is authenticated, a security subject is associated with messages sent by the client. This security subject can then be used to authorize access to service operations based on roles.

The security provider varies by runtime. The Standalone, Maven, and Ant runtimes are configured by default to use a basic security provider. The Tomcat runtime is configured with a provider that delegates to Tomcat security realms. There is also a Fabric3 extension that uses Spring Security, which can be installed in any of the Fabric3 runtimes.

Configuring The Basic Security Provider

The Standalone runtime includes a basic security provider that allows users and roles to be statically defined in a configuration file, security.xml, located in the runtime /config directory. An example file is shown below:

<users>
   <user>
      <username>foo</username>
      <password>bar</password>
      <roles>
         <role>role1</role>
         <role>role2</role>
      </roles>
   </user>
</users>

In the Maven runtime, the same security information is configured using a systemConfig entry:

<systemConfig>
       <config>
          <users>
             <user>
                <username>foo</username>
                <password>bar</password>
             </user>
          </users>
       </config>
</systemConfig>

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.