I wasn't aware that Axis2 could hook into JAAS... when you develop a J2EE web
service, the container takes care of parsing the security header for
credentials and using those credentials to authenticate against a defined login
context (ie., loginModules defined for that login context). If authentication
is successful, a Subject is available for this current call thread. This
Subject is used for determining webApp and EJB authorization. Axis2 does not
provide such integration to my knowledge. It would be great if it did.
Anyone, please correct me if I am wrong.
--Tony
________________________________
From: Joseph L Shimkus [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 18, 2007 8:16 AM
To: [email protected]
Subject: AXIS2 and LoginModule
I have implemented the Rampart module in my AXIS2 webservice with my
own CallbackHandler. However, once authenticated my webservice calls secured
methods on an EJB session bean which fail. It appears that the LoginModule
which normal stores the authenticated principals in context is not doing so, or
not doing so in a way which the EJBs can understand. Since the Rampart
configuration only exposed the CallbackHandler class, I'm unsure what class it
is using or if I'm able to change it.
Does anyone know what the behavior of the Rampart LoginModule is? Or
how I can achieve a call from the web service to a secured EJB method?
Joe Shimkus
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail:
[EMAIL PROTECTED]
