As I am new to AXIS there are a lot of things I don't master... so, would it be possible to have a snippet? Let's say I have: App1Server.java that contains viewP1(String p1). If the user has the role of ADMIN the viewP1 will return the value of this parameter. If the user has the role of OPER, viewP1 will return an error code.
Now, on the client side, the user enters the application with a username/password (username, password and role read from a jdbc database). (I use tomcat 5.0.9). Once the user has been identified (both admin and oper can enter the application), let's say that a page is displayed with some parameters values. The display of this page depends on the user privilege. If the role is ADMIN, the parameters can be modified. If the role is OPER, the parameters can only be viewed. So, I would like to have two AXIS authentications... one with the oper privilege and the other with the admin one. Once in the server, depending on the AXIS login I will call a particular functions. Is it possible to do such things?... Is there a way of accessing the user session on the server? (may be it is a stupid question!) celia05es wrote: > > I am quite new to AXIS so I must admit that what you are saying sounds a > little complicated. I will try to look at the example (I suppose the fact > it uses Eclipse is not that important). > > Thanks > > > dbell wrote: >> >> I've done this by tying Acegi in, using a >> HttpSessionContextIntegrationFilter will set the security context for >> each session, from there you can use a BeanNameAutoProxyCreator on your >> service with a MethodSecurityInterceptor to allow or deny access to a >> resource based on the users Role. >> >> e.g. >> >> <?xml version="1.0" encoding="UTF-8"?> >> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" >> "http://www.springframework.org/dtd/spring-beans.dtd";> >> <beans> >> <!-- >> These are the beans that needs to be protected. >> --> >> <bean id="acegiService" >> class="com.blah.blah.acegi.service.AcegiService"/> >> <!-- >> This bean defines a proxy for the protected beans. >> --> >> <bean id="autoProxyCreator" >> class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCrea >> tor"> >> <property name="interceptorNames"> >> <list> >> <value>securityInterceptor</value> >> </list> >> </property> >> <property name="beanNames"> >> <list> >> <value>acegiService</value> >> </list> >> </property> >> <property name="proxyTargetClass" value="true"/> >> </bean> >> <!-- >> This bean specifies which roles are authorized to >> execute which methods. >> --> >> <bean id="securityInterceptor" >> class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInte >> rceptor"> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="accessDecisionManager" >> ref="accessDecisionManager"/> >> <property name="alwaysReauthenticate" value="true"/> >> <property name="validateConfigAttributes" value="true"/> >> <property name="objectDefinitionSource"> >> <value> >> com.blah.blah.acegi.service.AcegiService.*=ROLE_ADMINISTRATOR >> </value> >> </property> >> </bean> >> </beans> >> >> - Doug >> >> -----Original Message----- >> From: celia05es [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, January 02, 2007 8:08 AM >> To: [email protected] >> Subject: How can I call AXIS specifying username and password? >> >> >> Hi, >> I have defined 2 roles (admin and oper). When the user enters the >> application, he enters a username and a password (therefore a role has >> been applied to him). >> Now, depending on this role, some operations can be denied or simply >> different. >> So my question is: How can I call AXIS using the username and the >> password? >> I would like to be able (on the server side) to check which >> user/password has been used to connect to AXIS ... depending on that, I >> will do one thing or another. >> >> Thank for helping. >> >> >> Up till now, I used the following : >> >> public static void init() throws IOException { >> url = new URL(InicializaCliente.BONOServidorURL); >> call = new Call(); >> >> SOAPMappingRegistry smr = new SOAPMappingRegistry(); >> StringDeserializer sd = new StringDeserializer(); >> smr.mapTypes(Constants.NS_URI_SOAP_ENC, >> new QName("http://schemas.xmlsoap.org.sopa/encoding/","string";), >> String.class,null,sd); >> BeanSerializer beanSer = new BeanSerializer(); >> smr.mapTypes(Constants.NS_URI_SOAP_ENC, >> new QName(InicializaCliente.BONOUrn, "ObjResultadoBasico"), >> ObjResultadoBasico.class, beanSer, beanSer); >> >> call.setSOAPMappingRegistry(smr); >> call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC); >> call.setTargetObjectURI(InicializaCliente.BONOUrn); >> salidaObjBasico= new ObjResultadoBasico(); >> } >> >> >> >> As you can see, no username and no password. >> -- >> View this message in context: >> http://www.nabble.com/How-can-I-call-AXIS-specifying-username-and-passwo >> rd--tf2908656.html#a8126131 >> Sent from the Axis - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- View this message in context: http://www.nabble.com/How-can-I-call-AXIS-specifying-username-and-password--tf2908656.html#a8138371 Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
