    - upgraded super parent version to 5.0.0 · cf8dabfa
    cdanger authored
    - new RESTfulPdpBasedAuthzInterceptorTest based on CXF developer
    coheigea's SAML/XACML 2.0 RESTful PDP based authorizing CXF interceptor,
    and also the same as EmbeddedPDPBasedAuthzInterceptorTest in
    authzforce-ce-core (src/test/java) but using the REST API instead of
    Java API
     
    /**
     * The client authenticates to the STS using a username/password, and gets
     * a signed holder-of-key SAML Assertion in return. This is presented to the
     * service, who verifies proof-of-possession + the signature of the STS on
     * the assertion. The CXF endpoint extracts roles from the Assertion +
     * populates the security context. Note that the CXF endpoint requires a
     * "role" Claim via the security policy.
     *
     * The CXF Endpoint has configured the XACMLAuthorizingInterceptor, which
     * creates a XACML 3.0 request for dispatch to the PDP, and then enforces
     * the PDP's decision. The mocked PDP is a REST service, that requires that
     * a user must have role "boss" to access the "doubleIt" operation ("alice"
     * has this role, "bob" does not).
     */
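The authorization step the commit message describes, as an added Python sketch that is not code from this commit, from CXF or from AuthzForce: a PEP builds a XACML 3.0 request from the caller's roles, a mock PDP answers, and the PEP enforces the decision deny-biased. Assumptions: the function names are hypothetical, the roles are taken as already extracted from a validated assertion (the STS/SAML step is not modelled), the "employee" role is constructed, and the mock denies every operation other than "doubleIt".

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"

def build_request(roles, operation):
    """PEP side: put the caller's roles and the invoked operation in a XACML 3.0 Request."""
    req = ET.Element(f"{{{NS}}}Request", ReturnPolicyIdList="false", CombinedDecision="false")
    for category, attr_id, values in ((SUBJECT, ROLE_ID, roles), (ACTION, ACTION_ID, [operation])):
        attrs = ET.SubElement(req, f"{{{NS}}}Attributes", Category=category)
        attr = ET.SubElement(attrs, f"{{{NS}}}Attribute", AttributeId=attr_id, IncludeInResult="false")
        for value in values:
            ET.SubElement(attr, f"{{{NS}}}AttributeValue", DataType=STRING).text = value
    return ET.tostring(req)

def mock_pdp(request_xml):
    """Mock PDP: Permit only when the subject holds role "boss" and the action is "doubleIt"."""
    root = ET.fromstring(request_xml)
    def values(category, attr_id):
        path = (f"{{{NS}}}Attributes[@Category='{category}']/"
                f"{{{NS}}}Attribute[@AttributeId='{attr_id}']/{{{NS}}}AttributeValue")
        return {v.text for v in root.findall(path)}
    permit = "boss" in values(SUBJECT, ROLE_ID) and values(ACTION, ACTION_ID) == {"doubleIt"}
    resp = ET.Element(f"{{{NS}}}Response")
    result = ET.SubElement(resp, f"{{{NS}}}Result")
    ET.SubElement(result, f"{{{NS}}}Decision").text = "Permit" if permit else "Deny"
    return ET.tostring(resp)

def enforce(response_xml):
    """PEP side, deny-biased: anything but a single explicit Permit is refused."""
    try:
        decisions = [d.text for d in ET.fromstring(response_xml).iter(f"{{{NS}}}Decision")]
    except ET.ParseError:
        return False
    return decisions == ["Permit"]

# Constructed subjects: "boss" for alice is from the commit message, "employee" is made up.
USERS = {"alice": ["boss", "employee"], "bob": ["employee"]}

def authorize(user, operation):
    """Full round trip: request -> PDP decision -> enforcement."""
    return enforce(mock_pdp(build_request(USERS[user], operation)))
```

The deny-biased `enforce` is the part worth checking in a real PEP: an Indeterminate, NotApplicable, empty or unparseable PDP answer must be treated the same as Deny.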