I've done this by tying Acegi in, using a HttpSessionContextIntegrationFilter will set the security context for each session, from there you can use a BeanNameAutoProxyCreator on your service with a MethodSecurityInterceptor to allow or deny access to a resource based on the users Role.
e.g. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd";> <beans> <!-- These are the beans that needs to be protected. --> <bean id="acegiService" class="com.blah.blah.acegi.service.AcegiService"/> <!-- This bean defines a proxy for the protected beans. --> <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCrea tor"> <property name="interceptorNames"> <list> <value>securityInterceptor</value> </list> </property> <property name="beanNames"> <list> <value>acegiService</value> </list> </property> <property name="proxyTargetClass" value="true"/> </bean> <!-- This bean specifies which roles are authorized to execute which methods. --> <bean id="securityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInte rceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="alwaysReauthenticate" value="true"/> <property name="validateConfigAttributes" value="true"/> <property name="objectDefinitionSource"> <value> com.blah.blah.acegi.service.AcegiService.*=ROLE_ADMINISTRATOR </value> </property> </bean> </beans> - Doug -----Original Message----- From: celia05es [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 02, 2007 8:08 AM To: [email protected] Subject: How can I call AXIS specifying username and password? Hi, I have defined 2 roles (admin and oper). When the user enters the application, he enters a username and a password (therefore a role has been applied to him). Now, depending on this role, some operations can be denied or simply different. So my question is: How can I call AXIS using the username and the password? I would like to be able (on the server side) to check which user/password has been used to connect to AXIS ... depending on that, I will do one thing or another. Thank for helping. Up till now, I used the following : public static void init() throws IOException { url = new URL(InicializaCliente.BONOServidorURL); call = new Call(); SOAPMappingRegistry smr = new SOAPMappingRegistry(); StringDeserializer sd = new StringDeserializer(); smr.mapTypes(Constants.NS_URI_SOAP_ENC, new QName("http://schemas.xmlsoap.org.sopa/encoding/","string";), String.class,null,sd); BeanSerializer beanSer = new BeanSerializer(); smr.mapTypes(Constants.NS_URI_SOAP_ENC, new QName(InicializaCliente.BONOUrn, "ObjResultadoBasico"), ObjResultadoBasico.class, beanSer, beanSer); call.setSOAPMappingRegistry(smr); call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC); call.setTargetObjectURI(InicializaCliente.BONOUrn); salidaObjBasico= new ObjResultadoBasico(); } As you can see, no username and no password. -- View this message in context: http://www.nabble.com/How-can-I-call-AXIS-specifying-username-and-passwo rd--tf2908656.html#a8126131 Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
