Uploaded image for project: 'SwitchYard'
  1. SwitchYard
  2. SWITCHYARD-1772

authorization security policy needs to move to implementation

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 1.1
    • Fix Version/s: 1.1
    • Component/s: tooling
    • Labels:
      None

      Description

      SwitchYard's SecurityPolicy defines 3 intents: confidentiality, clientAuthentication, and authorization. Previously, all 3 were marked as interaction policy types. However, according to the spec, "authorization" is actually an implementation policy type. As of SWITCHYARD-1729, the runtime has been fixed to re-align to this.

      The tooling needs to change as well. When checking the checkboxes for the security policies, the confidentiality and clientAuthentication selections can remain as attributes being added to the space-delimited value of the requires attribute of the service element. However, when checking the authorization policy, it should be added to the space-delimited value of the requires attribute of the implementation.[impl] element (where "[impl]" could be bean, for example).

      Here is an example from SWITCHYARD-1729's new policy-security-basic-propagate quickstart:

      <composite xmlns="http://docs.oasis-open.org/ns/opencsa/sca/200912" name="policy-security-basic-propagate" targetNamespace="urn:switchyard-quickstart-demo:policy-security-basic-propagate:0.1.0">
      <service name="WorkService" promote="WorkService">
      <interface.wsdl interface="META-INF/WorkService.wsdl#wsdl.porttype(WorkService)"/>
      <binding.soap xmlns="urn:switchyard-component-soap:config:1.0">
      <wsdl>META-INF/WorkService.wsdl</wsdl>
      <contextPath>policy-security-basic-propagate</contextPath>
      </binding.soap> </service>
      <component name="WorkService">
      <implementation.bean xmlns="urn:switchyard-component-bean:config:1.0" class="org.switchyard.quickstarts.demo.policy.security.basic.propagate.WorkServiceBean" requires="authorization"/>
      <service name="WorkService" requires="confidentiality clientAuthentication">
      <interface.java interface="org.switchyard.quickstarts.demo.policy.security.basic.propagate.WorkService"/>
      </service>
      <reference name="BackEndService">
      <interface.java interface="org.switchyard.quickstarts.demo.policy.security.basic.propagate.BackEndService"/>
      </reference> </component>
      <component name="BackEndService">
      <implementation.bean xmlns="urn:switchyard-component-bean:config:1.0" class="org.switchyard.quickstarts.demo.policy.security.basic.propagate.BackEndServiceBean" requires="authorization"/>
      <service name="BackEndService" requires="confidentiality clientAuthentication">
      <interface.java interface="org.switchyard.quickstarts.demo.policy.security.basic.propagate.BackEndService"/>
      </service>
      </component>
      </composite>

      You can see that requires="confidentiality clientAuthentication" is on the service element, and requires="authorization" is on the implementation.bean element.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  bfitzpat Brian Fitzpatrick
                  Reporter:
                  dward David Ward
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: