I guess I'm interesting in seeing any code that could be shared between
users come into CXF. Specifically, if I remember correctly from the
solutions that I've seen, the WS-Security integration in particular
takes an extra bit of coding. Would be very happy to include your
contributions.
Cheers,
- Dan
Eric Miles wrote:
Dan,
What sort of solution are you looking for? We are using an
Acegi/Spring/CXF implementation at our company where we are using
WS-Security and Acegi for authentication and AOP/Acegi for
authorization. We could be interested in contributing.
Thanks,
Eric
On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote:
And I want somebody to contribute a cleaner solution :-D
I know there is a lot of stuff we could do with Spring Security/Acegi
that would be super cool. It'd be a real low barrier way to contribute
some stuff if anyone is interested.
Cheers,
- Dan
mattmadhavan wrote:
Hi Ray,
No I do not want the client side to tell the server! Thats my point. Some
good blogs I have seen, do that! Where the client 'tells' which handler to
use!
I want a cleaner ACEGI+ XFIRE solution!
Thanks
Matt
Ray Krueger wrote:
You want the client to tell the server how to do security? That sounds
crazy :)
Your client side should either be doing http based security or
ws-security. That doesn't have anything to do with Acegi at that
point.
On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote:
I'm trying to understand what you're saying but am having difficulty. But
here goes:
Can some one point me to some docs on the CXF and ACEGI integration
or CXF and security like authentication and authorization.
I use Acegi for authorization purposes only. IMHO it doesn't really make
sense for authentication (WS-Security can do that). So I use the
MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to
my
service level methods. The Acegi docs can help you there, the only
difference I think is that you have to set the authentication token
yourself, e.g.:
UsernamePasswordAuthenticationToken token = new
UsernamePasswordAuthenticationToken(
user.getUsername(), user.getPassword(), user.getAuthorities());
// Populate Acegi Security Context
SecurityContextHolder.getContext().setAuthentication(token);
I found some blogs on the CXF+ACEGI, but it is Java centric. On the
client
side
we need to set the which class handles the security on the Server side!
But if
I am using some other language for clients like C# it doesn't seem to
be
the proper way!
You can pass the class name which handles security to the server (crazy
thought I think!) using a header element and then parse it using CXF
interceptors.
Zarar
mattmadhavan wrote:
Any Help will be appreciated!
mattmadhavan wrote:
Hello,
Can some one point me to some docs on the CXF and ACEGI integration or
CXF and security like authentication and authorization. Some sample
app
will even be great.
I found some blogs on the CXF+ACEGI, but it is Java centric. On the
client side we need to set the which class handles the security on the
Server side! But if I am using some other language for clients like C#
it
does n't seem to be the proper way!
Any ideas will be greatly appreciated.
Thanks
Matt
--
View this message in context:
http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582
Sent from the cxf-user mailing list archive at Nabble.com.
--
Dan Diephouse
MuleSource
http://mulesource.com | http://netzooid.com/blog
--
Dan Diephouse
MuleSource
http://mulesource.com | http://netzooid.com/blog
