Hi,
I am using Axis2/rampart webeservice/security stack. The rampart module of
Axis2 will perform WS-Security logistics. However, it knows nothing about how
to integrate with the container's security infrastructure. Therefore, if
rampart presents me with a userid/password from processing webservice security
headers, I would like to be able to hand it over to the JBoss security
infrastructure and let it perform JAAS authentication with the configured
security domain. It looks as easy as doing the following:
Context securityCtx = InitialContext iniCtx = new InitialContext();
securityCtx = (Context) iniCtx.lookup("java:comp/env/security");
SubjectSecurityManager securityMgr = (SubjectSecurityManager)
securityCtx.lookup("securityMgr");
Principal principal = new SimplePrincipal(username);
Subject subject = new Subject();
if (securityMgr.isValid(principal, credentials, subject)) {
// success
}
Is that all there is? If success then I should be able to use the JAAS subject
that will have been populated by the configured loginModules.
I need to investigate JBoss's own webservice stack, JBossWS. Any comparison
between JBossWS and Axis2 would be appreciated. Anyway, I'm guessing JBossWS
does would need to perform similar actions for WS-Security integration into the
JBoss JAAS framework. Is this what they do? Can someone point me to the
integration code? I want to do something portably.
Thank you for any insight.
-Tony
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4039546#4039546
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4039546
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
