Hi Ray, No I do not want the client side to tell the server! Thats my point. Some good blogs I have seen, do that! Where the client 'tells' which handler to use!
I want a cleaner ACEGI+ XFIRE solution! Thanks Matt Ray Krueger wrote: > > You want the client to tell the server how to do security? That sounds > crazy :) > > Your client side should either be doing http based security or > ws-security. That doesn't have anything to do with Acegi at that > point. > > On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: >> >> I'm trying to understand what you're saying but am having difficulty. But >> here goes: >> >> > Can some one point me to some docs on the CXF and ACEGI integration >> > or CXF and security like authentication and authorization. >> >> I use Acegi for authorization purposes only. IMHO it doesn't really make >> sense for authentication (WS-Security can do that). So I use the >> MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to >> my >> service level methods. The Acegi docs can help you there, the only >> difference I think is that you have to set the authentication token >> yourself, e.g.: >> >> UsernamePasswordAuthenticationToken token = new >> UsernamePasswordAuthenticationToken( >> user.getUsername(), user.getPassword(), user.getAuthorities()); >> // Populate Acegi Security Context >> SecurityContextHolder.getContext().setAuthentication(token); >> >> > I found some blogs on the CXF+ACEGI, but it is Java centric. On the >> client >> > side >> > we need to set the which class handles the security on the Server side! >> > But if >> > I am using some other language for clients like C# it doesn't seem to >> be >> > the proper way! >> >> You can pass the class name which handles security to the server (crazy >> thought I think!) using a header element and then parse it using CXF >> interceptors. >> >> Zarar >> >> >> >> >> mattmadhavan wrote: >> > >> > Any Help will be appreciated! >> > >> > >> > >> > mattmadhavan wrote: >> >> >> >> Hello, >> >> Can some one point me to some docs on the CXF and ACEGI integration or >> >> CXF and security like authentication and authorization. Some sample >> app >> >> will even be great. >> >> >> >> I found some blogs on the CXF+ACEGI, but it is Java centric. On the >> >> client side we need to set the which class handles the security on the >> >> Server side! But if I am using some other language for clients like C# >> it >> >> does n't seem to be the proper way! >> >> >> >> Any ideas will be greatly appreciated. >> >> >> >> Thanks >> >> Matt >> >> >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 >> Sent from the cxf-user mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12679768 Sent from the cxf-user mailing list archive at Nabble.com.
