I have a httpd front end server which will authenticate users using openidc and associate JWT to the incoming request if the authentication is successful. Post this the request will reach the desired REST service, which is defined using Apache Camel CXF.
Now I need to deny/permit this user to the requested service based on certain permissions. How do i do that ?
Typically the established user session would contain claims about the user provided by the OpenID Connect Provider. Those claims can be used in mod_auth_openidc specific Require directives e.g.:
Require claim email:joe@example.org
For more information see: https://github.com/zmartzone/mod_auth_openidc/wiki/Authorization