David,

With the UsernameToken profile the password can also be sent in a digest form. Can the ContextManager API be used to authenticate with such a password? Or is something else needed?

Jarek

On Fri, Jul 10, 2009 at 4:46 PM, David Jencks<[email protected]> wrote:
>
> On Jul 10, 2009, at 1:04 PM, rahul.soa wrote:
>
> Hello Devs,
>
> I am configuring the usernameToken* security configuration in geronimo (for
> CXF). So far, I have configured it for Client side :).
>
> For the server side, I have tried it with hard-coded values and that works.
> Now, I don't know what *APIs* (server authorization apis or other apis) I
> should use to authenticate the user based on the usernameToken
> (username/password). In other words, how can we configure/enable the
> ws-security (usernameToken) at **server side** in Geronimo?
>
> How and what information we need to pass to enable the ws-security on the
> server side?
>
> I am stuck on this point and I really need your suggestions and pointers.
>
> If you want a theoretically portable solution you should probably
> investigate writing a jaspi auth module for this. This would probably take
> a while and at the moment only work with jetty7.
>
> For a geronimo-specific solution you need to:
>
> 1. authenticate the user by calling
> org.apache.geronimo.security.ContextManager.login(String realm,
> CallbackHandler callbackHandler, Configuration configuration).
> or
> ContextManager.login(realm, callbackHandler);
> Generally for the first call you'd get a Configuration from a
> GenericSecurityRealm component. If you want something less configurable but
> quicker use the second call; the configuration named by the realm name must
> be already registered with the GeronimoLoginConfiguration.
> You'll get back a LoginContext containing the authenticated Subject.
>
> 2. To make the results available to container managed security call
> ContextManager.setCallers(subject, subject);
> try {
>     // do work, process message, etc etc
> } finally {
>     ContextManager.clearCallers();
> }
>
> hope this helps -- ask if you aren't clear on how to proceed.
> david jencks
>
> Please help me in this.
>
> Thank you in advance.
>
> Best Regards,
> Rahul
>
> * to authenticate the user based on the usernameToken (username/password) in
> the SOAP header
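
The two steps from the quoted reply (login through `ContextManager`, then `setCallers`/`clearCallers` around the work), written out as an added example that is not part of the original thread and is not Geronimo project code. It covers only a UsernameToken whose password arrives in clear text; the digest form asked about above is not handled. Assumptions: the class and method names (`UsernameTokenAuthenticator`, `TokenCallbackHandler`, `runAs`) are hypothetical, the caller has already extracted the username and password from the SOAP header, and `ContextManager.login` is assumed to signal failure with a `LoginException`.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.ContextManager;

// Hypothetical helper: names and structure are assumptions, not Geronimo code.
public final class UsernameTokenAuthenticator {

    // Hands the UsernameToken credentials to whatever JAAS login modules the realm uses.
    static final class TokenCallbackHandler implements CallbackHandler {
        private final String username;
        private final char[] password;

        TokenCallbackHandler(String username, char[] password) {
            this.username = username;
            this.password = password;
        }

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb); // refuse callbacks we cannot answer
                }
            }
        }
    }

    // Step 1 (second form): the configuration named by 'realm' must already be
    // registered with the GeronimoLoginConfiguration.
    public static void runAs(String realm, String username, char[] password, Runnable work)
            throws LoginException {                  // assumed: a failed login throws, so 'work' never runs
        LoginContext ctx = ContextManager.login(realm, new TokenCallbackHandler(username, password));
        Subject subject = ctx.getSubject();
        ContextManager.setCallers(subject, subject); // step 2: expose the Subject to container security
        try {
            work.run();                              // process the SOAP message as the authenticated caller
        } finally {
            // Always clear, even on exceptions, so the identity is not left set after this call.
            ContextManager.clearCallers();
        }
    }
}
```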
