Eric, Do you mind posting a complete example. May be we can have a very constructive discussions based on that.
Thanks Matt BigEHokie wrote: > > Dan, > > What sort of solution are you looking for? We are using an > Acegi/Spring/CXF implementation at our company where we are using > WS-Security and Acegi for authentication and AOP/Acegi for > authorization. We could be interested in contributing. > > Thanks, > Eric > > > On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: >> And I want somebody to contribute a cleaner solution :-D >> >> I know there is a lot of stuff we could do with Spring Security/Acegi >> that would be super cool. It'd be a real low barrier way to contribute >> some stuff if anyone is interested. >> >> Cheers, >> - Dan >> >> mattmadhavan wrote: >> > Hi Ray, >> > No I do not want the client side to tell the server! Thats my point. >> Some >> > good blogs I have seen, do that! Where the client 'tells' which handler >> to >> > use! >> > >> > I want a cleaner ACEGI+ XFIRE solution! >> > >> > Thanks >> > Matt >> > >> > >> > >> > Ray Krueger wrote: >> > >> > > You want the client to tell the server how to do security? That >> sounds >> > > crazy :) >> > > >> > > Your client side should either be doing http based security or >> > > ws-security. That doesn't have anything to do with Acegi at that >> > > point. >> > > >> > > On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: >> > > >> > > > I'm trying to understand what you're saying but am having >> difficulty. But >> > > > here goes: >> > > > >> > > > >> > > > > Can some one point me to some docs on the CXF and ACEGI >> integration >> > > > > or CXF and security like authentication and authorization. >> > > > > >> > > > I use Acegi for authorization purposes only. IMHO it doesn't really >> make >> > > > sense for authentication (WS-Security can do that). So I use the >> > > > MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage >> calls to >> > > > my >> > > > service level methods. The Acegi docs can help you there, the only >> > > > difference I think is that you have to set the authentication token >> > > > yourself, e.g.: >> > > > >> > > > UsernamePasswordAuthenticationToken token = new >> > > > UsernamePasswordAuthenticationToken( >> > > > user.getUsername(), user.getPassword(), user.getAuthorities()); >> > > > // Populate Acegi Security Context >> > > > SecurityContextHolder.getContext().setAuthentication(token); >> > > > >> > > > >> > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On >> the >> > > > > >> > > > client >> > > > >> > > > > side >> > > > > we need to set the which class handles the security on the Server >> side! >> > > > > But if >> > > > > I am using some other language for clients like C# it doesn't >> seem to >> > > > > >> > > > be >> > > > >> > > > > the proper way! >> > > > > >> > > > You can pass the class name which handles security to the server >> (crazy >> > > > thought I think!) using a header element and then parse it using >> CXF >> > > > interceptors. >> > > > >> > > > Zarar >> > > > >> > > > >> > > > >> > > > >> > > > mattmadhavan wrote: >> > > > >> > > > > Any Help will be appreciated! >> > > > > >> > > > > >> > > > > >> > > > > mattmadhavan wrote: >> > > > > >> > > > > > Hello, >> > > > > > Can some one point me to some docs on the CXF and ACEGI >> integration or >> > > > > > CXF and security like authentication and authorization. Some >> sample >> > > > > > >> > > > app >> > > > >> > > > > > will even be great. >> > > > > > >> > > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On >> the >> > > > > > client side we need to set the which class handles the security >> on the >> > > > > > Server side! But if I am using some other language for clients >> like C# >> > > > > > >> > > > it >> > > > >> > > > > > does n't seem to be the proper way! >> > > > > > >> > > > > > Any ideas will be greatly appreciated. >> > > > > > >> > > > > > Thanks >> > > > > > Matt >> > > > > > >> > > > > > >> > > > -- >> > > > View this message in context: >> > > > http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 >> > > > Sent from the cxf-user mailing list archive at Nabble.com. >> > > > >> > > > >> > > > >> > >> > >> >> >> -- >> Dan Diephouse >> MuleSource >> http://mulesource.com | http://netzooid.com/blog > > -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12759141 Sent from the cxf-user mailing list archive at Nabble.com.
