I'm curious if anyone could shed some light on how to do the following: I have two grails apps that I've connected via spring's httpinvoker via the grails remoting plugin. I have jsecurity installed on the remote side with a few users/roles. I'd like to create a user for the client grails app to authenticate with so that I can rest assure that only those apps with the proper credentials can use the server's remote procedures.
Basically, anytime my client grails app connects to the remote grails app via spring's httpinvoker, I'd like for the httpinvoker bean to pass along a username/password, obtain a session, and then carry that session for future remote procedure calls (just like in a browser). Otherwise, any unauthenticated calls to the remote grails app's remote procedures should fail. So, in researching this, it appears that jsecurity has a org.jsecurity.spring.remoting package that contains the following classes: SecureRemoteInvocationExecutor (server side) SecureRemoteInvocationFactory (client side) Looking in at the guts of the remoting plugin I have determined that org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter is used on the remote side and org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean is used for the client side. Looking at these classes I see that I can set a property "remoteInvocationExecutor" on the enclosing beans that points to the classes in org.jsecurity.spring.remoting What I'm confused about at this point is how I pass in the username/password from the client-side and I'm also wondering if there's anything to do on the server side? Of course, I could be totally off with all of this and would certainly appreciate someone setting me straight on these issues. Thanks! ~jtriley -- View this message in context: http://n2.nabble.com/integrating-jsecurity-ki-auth-with-spring%27s-httpinvoker-tp2898395p2898395.html Sent from the JSecurity User mailing list archive at Nabble.com.
