we do have an issue in jira - https://issues.apache.org/jira/browse/AXIS2-164
-- dims On 4/18/07, Tony Dean <[EMAIL PROTECTED]> wrote:
I wasn't aware that Axis2 could hook into JAAS... when you develop a J2EE web service, the container takes care of parsing the security header for credentials and using those credentials to authenticate against a defined login context (ie., loginModules defined for that login context). If authentication is successful, a Subject is available for this current call thread. This Subject is used for determining webApp and EJB authorization. Axis2 does not provide such integration to my knowledge. It would be great if it did. Anyone, please correct me if I am wrong. --Tony ________________________________ From: Joseph L Shimkus [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 18, 2007 8:16 AM To: [email protected] Subject: AXIS2 and LoginModule I have implemented the Rampart module in my AXIS2 webservice with my own CallbackHandler. However, once authenticated my webservice calls secured methods on an EJB session bean which fail. It appears that the LoginModule which normal stores the authenticated principals in context is not doing so, or not doing so in a way which the EJBs can understand. Since the Rampart configuration only exposed the CallbackHandler class, I'm unsure what class it is using or if I'm able to change it. Does anyone know what the behavior of the Rampart LoginModule is? Or how I can achieve a call from the web service to a secured EJB method? Joe Shimkus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Davanum Srinivas :: http://wso2.org/ :: Oxygen for Web Services Developers --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
