Re: CXF+ACEGI + Anybody out there?

[Dan Diephouse]

And I want somebody to contribute a cleaner solution :-D I know there is a lot of stuff we could do with Spring Security/Acegi that would be super cool. It'd be a real low barrier way to contribute some stuff if anyone is interested. Cheers, - Dan mattmadhavan wrote: Hi Ray, No I do not want the client side to tell the server! Thats my point. Some good blogs I have seen, do that! Where the client 'tells' which handler to use! I want a cleaner ACEGI+ XFIRE solution! Thanks Matt Ray Krueger wrote: You want the client to tell the server how to do security? That sounds crazy :) Your client side should either be doing http based security or ws-security. That doesn't have anything to do with Acegi at that point. On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: I'm trying to understand what you're saying but am having difficulty. But here goes: Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. I use Acegi for authorization purposes only. IMHO it doesn't really make sense for authentication (WS-Security can do that). So I use the MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to my service level methods. The Acegi docs can help you there, the only difference I think is that you have to set the authentication token yourself, e.g.: UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( user.getUsername(), user.getPassword(), user.getAuthorities()); // Populate Acegi Security Context SecurityContextHolder.getContext().setAuthentication(token); I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it doesn't seem to be the proper way! You can pass the class name which handles security to the server (crazy thought I think!) using a header element and then parse it using CXF interceptors. Zarar mattmadhavan wrote: Any Help will be appreciated! mattmadhavan wrote: Hello, Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. Some sample app will even be great. I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it does n't seem to be the proper way! Any ideas will be greatly appreciated. Thanks Matt -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 Sent from the cxf-user mailing list archive at Nabble.com. -- Dan Diephouse MuleSource http://mulesource.com | http://netzooid.com/blog