On Jul 10, 2009, at 1:04 PM, rahul.soa wrote:
> Hello Devs,
>
> I am configuring the usernameToken* security configuration in
> geronimo (for CXF). So far, I have configured it for Client side :).
> For the server side, I have tried it with hard-coded values and that
> works. Now, I don't know what *APIs* (server authorization apis or
> other apis) I should use to authenticate the user based on the
> usernameToken (username/password). In other words, how can we
> configure/enable the ws-security (usernameToken) at **server side**
> in Geronimo?
>
> How and what information we need to pass to enable the ws-security
> on the server side?
>
> I am stuck on this point and I really need your suggestions and
> pointers.

If you want a theoretically portable solution you should probably
investigate writing a jaspi auth module for this. This would probably
take a while and at the moment only work with jetty7.

For a geronimo-specific solution you need to:

1. authenticate the user by calling

   org.apache.geronimo.security.ContextManager.login(String realm,
       CallbackHandler callbackHandler, Configuration configuration).

   or

   ContextManager.login(realm, callbackHandler);

   Generally for the first call you'd get a Configuration from a
   GenericSecurityRealm component. If you want something less
   configurable but quicker use the second call; the configuration named
   by the realm name must be already registered with the
   GeronimoLoginConfiguration.

   You'll get back a LoginContext containing the authenticated Subject.

2. To make the results available to container managed security call

   ContextManager.setCallers(subject, subject);
   try {
       // do work, process message, etc etc
   } finally {
       ContextManager.clearCallers();
   }

hope this helps -- ask if you aren't clear on how to proceed.
david jencks

> Please help me in this.
>
> Thank you in advance.
>
> Best Regards,
> Rahul
>
> * to authenticate the user based on the usernameToken (username/password)
>   in the SOAP header