We started some discussion the other day about CXF+Acegi out there the other day, but hadn't seen anything since. Any discussion after I sent the source code or my findings with integrating the two?
On Tue, 2007-09-18 at 11:18 -0400, Eric Miles wrote: > Actually, here is the code. Attached is the WSS4J callback class and > the CXF interceptor that uses the Acegi authentication manager for > authentication. > > Pretty simple and straight forward. If you look at the callback > handler, you can see my comment regarding the WSS4J engine. I do have > one concern in that this solution might not have worked for a digest UT. > I'll have to revisit as it has been several months since we first looked > at it. > > However, this is a spring board for any discussions. (Spring pun not > intended) > > Eric > > > On Tue, 2007-09-18 at 08:10 -0700, mattmadhavan wrote: > > Eric, > > Do you mind posting a complete example. May be we can have a very > > constructive discussions based on that. > > > > Thanks > > Matt > > > > > > > > > > BigEHokie wrote: > > > > > > Dan, > > > > > > What sort of solution are you looking for? We are using an > > > Acegi/Spring/CXF implementation at our company where we are using > > > WS-Security and Acegi for authentication and AOP/Acegi for > > > authorization. We could be interested in contributing. > > > > > > Thanks, > > > Eric > > > > > > > > > On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: > > >> And I want somebody to contribute a cleaner solution :-D > > >> > > >> I know there is a lot of stuff we could do with Spring Security/Acegi > > >> that would be super cool. It'd be a real low barrier way to contribute > > >> some stuff if anyone is interested. > > >> > > >> Cheers, > > >> - Dan > > >> > > >> mattmadhavan wrote: > > >> > Hi Ray, > > >> > No I do not want the client side to tell the server! Thats my point. > > >> Some > > >> > good blogs I have seen, do that! Where the client 'tells' which handler > > >> to > > >> > use! > > >> > > > >> > I want a cleaner ACEGI+ XFIRE solution! > > >> > > > >> > Thanks > > >> > Matt > > >> > > > >> > > > >> > > > >> > Ray Krueger wrote: > > >> > > > >> > > You want the client to tell the server how to do security? That > > >> sounds > > >> > > crazy :) > > >> > > > > >> > > Your client side should either be doing http based security or > > >> > > ws-security. That doesn't have anything to do with Acegi at that > > >> > > point. > > >> > > > > >> > > On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: > > >> > > > > >> > > > I'm trying to understand what you're saying but am having > > >> difficulty. But > > >> > > > here goes: > > >> > > > > > >> > > > > > >> > > > > Can some one point me to some docs on the CXF and ACEGI > > >> integration > > >> > > > > or CXF and security like authentication and authorization. > > >> > > > > > > >> > > > I use Acegi for authorization purposes only. IMHO it doesn't really > > >> make > > >> > > > sense for authentication (WS-Security can do that). So I use the > > >> > > > MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage > > >> calls to > > >> > > > my > > >> > > > service level methods. The Acegi docs can help you there, the only > > >> > > > difference I think is that you have to set the authentication token > > >> > > > yourself, e.g.: > > >> > > > > > >> > > > UsernamePasswordAuthenticationToken token = new > > >> > > > UsernamePasswordAuthenticationToken( > > >> > > > user.getUsername(), user.getPassword(), user.getAuthorities()); > > >> > > > // Populate Acegi Security Context > > >> > > > SecurityContextHolder.getContext().setAuthentication(token); > > >> > > > > > >> > > > > > >> > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On > > >> the > > >> > > > > > > >> > > > client > > >> > > > > > >> > > > > side > > >> > > > > we need to set the which class handles the security on the Server > > >> side! > > >> > > > > But if > > >> > > > > I am using some other language for clients like C# it doesn't > > >> seem to > > >> > > > > > > >> > > > be > > >> > > > > > >> > > > > the proper way! > > >> > > > > > > >> > > > You can pass the class name which handles security to the server > > >> (crazy > > >> > > > thought I think!) using a header element and then parse it using > > >> CXF > > >> > > > interceptors. > > >> > > > > > >> > > > Zarar > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > mattmadhavan wrote: > > >> > > > > > >> > > > > Any Help will be appreciated! > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > mattmadhavan wrote: > > >> > > > > > > >> > > > > > Hello, > > >> > > > > > Can some one point me to some docs on the CXF and ACEGI > > >> integration or > > >> > > > > > CXF and security like authentication and authorization. Some > > >> sample > > >> > > > > > > > >> > > > app > > >> > > > > > >> > > > > > will even be great. > > >> > > > > > > > >> > > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On > > >> the > > >> > > > > > client side we need to set the which class handles the security > > >> on the > > >> > > > > > Server side! But if I am using some other language for clients > > >> like C# > > >> > > > > > > > >> > > > it > > >> > > > > > >> > > > > > does n't seem to be the proper way! > > >> > > > > > > > >> > > > > > Any ideas will be greatly appreciated. > > >> > > > > > > > >> > > > > > Thanks > > >> > > > > > Matt > > >> > > > > > > > >> > > > > > > > >> > > > -- > > >> > > > View this message in context: > > >> > > > http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 > > >> > > > Sent from the cxf-user mailing list archive at Nabble.com. > > >> > > > > > >> > > > > > >> > > > > > >> > > > >> > > > >> > > >> > > >> -- > > >> Dan Diephouse > > >> MuleSource > > >> http://mulesource.com | http://netzooid.com/blog > > > > > > > >
