Hello again, Sorry to re-visit this thread again, but I am still not clear if we reached any conclusion! Do we just use Acegi or use it with WSSJ?
Can some one please post a complete example - With all the configurations etc? It will be awesome! Thanks Matt Juan José Vázquez Delgado wrote: > > Hi all, > > I love CXF, but IMHO the ws-security module is not good enough solved. I > suspect the responsible is wss4j wich is not too much powerful. > > I´m thinking in using the glassfish XWSS (https://xwss.dev.java.net/) in a > similar way to Spring Web Services ( > http://static.springframework.org/spring-ws/site/). With XWSS you can > setting handlers and validators like for instance an Acegi Handler. > > BR, > > Juanjo. > > On 9/21/07, Eric Miles <[EMAIL PROTECTED]> wrote: >> >> We started some discussion the other day about CXF+Acegi out there the >> other day, but hadn't seen anything since. Any discussion after I sent >> the source code or my findings with integrating the two? >> >> On Tue, 2007-09-18 at 11:18 -0400, Eric Miles wrote: >> > Actually, here is the code. Attached is the WSS4J callback class and >> > the CXF interceptor that uses the Acegi authentication manager for >> > authentication. >> > >> > Pretty simple and straight forward. If you look at the callback >> > handler, you can see my comment regarding the WSS4J engine. I do have >> > one concern in that this solution might not have worked for a digest >> UT. >> > I'll have to revisit as it has been several months since we first >> looked >> > at it. >> > >> > However, this is a spring board for any discussions. (Spring pun not >> > intended) >> > >> > Eric >> > >> > >> > On Tue, 2007-09-18 at 08:10 -0700, mattmadhavan wrote: >> > > Eric, >> > > Do you mind posting a complete example. May be we can have a very >> > > constructive discussions based on that. >> > > >> > > Thanks >> > > Matt >> > > >> > > >> > > >> > > >> > > BigEHokie wrote: >> > > > >> > > > Dan, >> > > > >> > > > What sort of solution are you looking for? We are using an >> > > > Acegi/Spring/CXF implementation at our company where we are using >> > > > WS-Security and Acegi for authentication and AOP/Acegi for >> > > > authorization. We could be interested in contributing. >> > > > >> > > > Thanks, >> > > > Eric >> > > > >> > > > >> > > > On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: >> > > >> And I want somebody to contribute a cleaner solution :-D >> > > >> >> > > >> I know there is a lot of stuff we could do with Spring >> Security/Acegi >> > > >> that would be super cool. It'd be a real low barrier way to >> contribute >> > > >> some stuff if anyone is interested. >> > > >> >> > > >> Cheers, >> > > >> - Dan >> > > >> >> > > >> mattmadhavan wrote: >> > > >> > Hi Ray, >> > > >> > No I do not want the client side to tell the server! Thats my >> point. >> > > >> Some >> > > >> > good blogs I have seen, do that! Where the client 'tells' which >> handler >> > > >> to >> > > >> > use! >> > > >> > >> > > >> > I want a cleaner ACEGI+ XFIRE solution! >> > > >> > >> > > >> > Thanks >> > > >> > Matt >> > > >> > >> > > >> > >> > > >> > >> > > >> > Ray Krueger wrote: >> > > >> > >> > > >> > > You want the client to tell the server how to do security? >> That >> > > >> sounds >> > > >> > > crazy :) >> > > >> > > >> > > >> > > Your client side should either be doing http based security or >> > > >> > > ws-security. That doesn't have anything to do with Acegi at >> that >> > > >> > > point. >> > > >> > > >> > > >> > > On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: >> > > >> > > >> > > >> > > > I'm trying to understand what you're saying but am having >> > > >> difficulty. But >> > > >> > > > here goes: >> > > >> > > > >> > > >> > > > >> > > >> > > > > Can some one point me to some docs on the CXF and ACEGI >> > > >> integration >> > > >> > > > > or CXF and security like authentication and authorization. >> > > >> > > > > >> > > >> > > > I use Acegi for authorization purposes only. IMHO it doesn't >> really >> > > >> make >> > > >> > > > sense for authentication (WS-Security can do that). So I >> use >> the >> > > >> > > > MethodSecurityInterceptor and BeanNameAutoProxyCreator to >> manage >> > > >> calls to >> > > >> > > > my >> > > >> > > > service level methods. The Acegi docs can help you there, >> the only >> > > >> > > > difference I think is that you have to set the >> authentication >> token >> > > >> > > > yourself, e.g.: >> > > >> > > > >> > > >> > > > UsernamePasswordAuthenticationToken token = new >> > > >> > > > UsernamePasswordAuthenticationToken( >> > > >> > > > user.getUsername(), user.getPassword(), >> user.getAuthorities()); >> > > >> > > > // Populate Acegi Security Context >> > > >> > > > SecurityContextHolder.getContext().setAuthentication(token); >> > > >> > > > >> > > >> > > > >> > > >> > > > > I found some blogs on the CXF+ACEGI, but it is Java >> centric. On >> > > >> the >> > > >> > > > > >> > > >> > > > client >> > > >> > > > >> > > >> > > > > side >> > > >> > > > > we need to set the which class handles the security on the >> Server >> > > >> side! >> > > >> > > > > But if >> > > >> > > > > I am using some other language for clients like C# it >> doesn't >> > > >> seem to >> > > >> > > > > >> > > >> > > > be >> > > >> > > > >> > > >> > > > > the proper way! >> > > >> > > > > >> > > >> > > > You can pass the class name which handles security to the >> server >> > > >> (crazy >> > > >> > > > thought I think!) using a header element and then parse it >> using >> > > >> CXF >> > > >> > > > interceptors. >> > > >> > > > >> > > >> > > > Zarar >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > mattmadhavan wrote: >> > > >> > > > >> > > >> > > > > Any Help will be appreciated! >> > > >> > > > > >> > > >> > > > > >> > > >> > > > > >> > > >> > > > > mattmadhavan wrote: >> > > >> > > > > >> > > >> > > > > > Hello, >> > > >> > > > > > Can some one point me to some docs on the CXF and ACEGI >> > > >> integration or >> > > >> > > > > > CXF and security like authentication and authorization. >> Some >> > > >> sample >> > > >> > > > > > >> > > >> > > > app >> > > >> > > > >> > > >> > > > > > will even be great. >> > > >> > > > > > >> > > >> > > > > > I found some blogs on the CXF+ACEGI, but it is Java >> centric. On >> > > >> the >> > > >> > > > > > client side we need to set the which class handles the >> security >> > > >> on the >> > > >> > > > > > Server side! But if I am using some other language for >> clients >> > > >> like C# >> > > >> > > > > > >> > > >> > > > it >> > > >> > > > >> > > >> > > > > > does n't seem to be the proper way! >> > > >> > > > > > >> > > >> > > > > > Any ideas will be greatly appreciated. >> > > >> > > > > > >> > > >> > > > > > Thanks >> > > >> > > > > > Matt >> > > >> > > > > > >> > > >> > > > > > >> > > >> > > > -- >> > > >> > > > View this message in context: >> > > >> > > > http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 >> > > >> > > > Sent from the cxf-user mailing list archive at Nabble.com. >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> > >> > > >> > >> > > >> >> > > >> >> > > >> -- >> > > >> Dan Diephouse >> > > >> MuleSource >> > > >> http://mulesource.com | http://netzooid.com/blog >> > > > >> > > > >> > > >> > > -- View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a13353960 Sent from the cxf-user mailing list archive at Nabble.com.
