cdanger authored
- new RESTfulPdpBasedAuthzInterceptorTest based on CXF developer coheigea's SAML/XACML 2.0 RESTful PDP based authorizing CXF interceptor, and also the same as EmbeddedPDPBasedAuthzInterceptorTest in authzforce-ce-core (src/test/java) but using the REST API instead of Java API

/**
 * The client authenticates to the STS using a username/password, and gets a signed holder-of-key SAML Assertion in return. This is presented to the service, who verifies proof-of-possession + the
 * signature of the STS on the assertion. The CXF endpoint extracts roles from the Assertion + populates the security context. Note that the CXF endpoint requires a "role" Claim via the security
 * policy.
 *
 * The CXF Endpoint has configured the XACMLAuthorizingInterceptor, which creates a XACML 3.0 request for dispatch to the PDP, and then enforces the PDP's decision. The mocked PDP is a REST service,
 * that requires that a user must have role "boss" to access the "doubleIt" operation ("alice" has this role, "bob" does not).
 */
cf8dabfa