I presume you're doing a > ((UserDetails)returnedAuthentication.getPrincipal()).getUsername() > and > setting the > AuthenticationSimpleHttpInvokerRequestExecutor with > the > resulting username and password.
Thats correct! In my case its an extension of CommonsHttpInvokerRequestExecutor and I doing essentially the same. After receiving authentication setting username and password on RequestExecutor. Amad --- Ben Alex <[EMAIL PROTECTED]> wrote: > Amad Fida wrote: > > >Ben, > > > >I am using HttpInvoker and Ihave implemented my own > >RemoteAuthenticationProvider and > >RemoteAuthenticationManager, and I am just > returning > >Authentication all the way back to client. > Principal > >is my custom User which wrappes my domain object > >which is basically a user with some its details, > like > >email, last name , first etc. > >It seems to work fine. Would there be a problem > with > >this approach? > > > >Amad > > > > > > > As long as an Authentication is never returned > unless the correct > credentials for that Authentication are firstly > presented, it should be > fine. I presume you're doing a > ((UserDetails)returnedAuthentication.getPrincipal()).getUsername() > and > setting the > AuthenticationSimpleHttpInvokerRequestExecutor with > the > resulting username and password. > > All the net.sf.acegisecurity.provider.rcp package > does is check a > username/password is correct, and return some > details helpful to the > client (typically GrantedAuthority[]s but > conceivably whatever you > like). The real work of security happens via the > BASIC authentication > headers on remoting requests, which Acegi Security > unwraps at invocation > time and authorizes on the server side. > > Ben > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT > Products from real users. > Discover which products truly live up to the hype. > Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
