Currently, the authenticated subject is only set by servicemix-http.
You should be able to set it from your own component, by creating the
subject using JAAS and setting it on the NormalizedMessage, using the
setSecuritySubject method.

You can retrieve an authenticated subject by using the following method:

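   // Imports needed by this method:
   import java.io.IOException;
   import javax.security.auth.Subject;
   import javax.security.auth.callback.Callback;
   import javax.security.auth.callback.CallbackHandler;
   import javax.security.auth.callback.NameCallback;
   import javax.security.auth.callback.PasswordCallback;
   import javax.security.auth.callback.UnsupportedCallbackException;
   import javax.security.auth.login.LoginContext;

   // Authenticates against the "servicemix-domain" JAAS login configuration
   // and returns the resulting Subject.
   protected Subject login(final String username, final String password) throws Exception {
       LoginContext context = new LoginContext("servicemix-domain", new CallbackHandler() {
           // Supplies the credentials the login modules ask for.
           public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
               for (int i = 0; i < callbacks.length; i++) {
                   if (callbacks[i] instanceof NameCallback) {
                       ((NameCallback) callbacks[i]).setName(username);
                   } else if (callbacks[i] instanceof PasswordCallback) {
                       ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
                   } else {
                       // Reject any callback type this handler does not understand.
                       throw new UnsupportedCallbackException(callbacks[i]);
                   }
               }
           }
       });
       // Throws a LoginException if authentication fails.
       context.login();
       return context.getSubject();
   }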



On 7/28/06, Michael Studman <[EMAIL PROTECTED]> wrote:

Hi Guillaume,

Thanks for the response. I've been poking around the code for JAAS in SM
and it is looking very good!

From what I can tell I should use JAAS at the web service BC for
authentication and then use the secure broker which will act as a JAAS
enforcement point for authorization.

The next question is how can I associate authentication information with
some random service engine I deploy so that they too can access a
service engine I've locked down through a security policy. This bit
wasn't clear to me from the code.

Michael.

-----Original Message-----
From: Guillaume Nodet [mailto:[EMAIL PROTECTED]
Sent: 28 July 2006 12:20
To: [email protected]
Subject: Re: servicemix-http and service endpoints

The only option I see while keeping WS-Addressing is to use
the authentication / authorization mechanism to only allow
some endpoint to be targeted for a given role.
This is not documented yet, but you will find example in
the junit tests.
Else, you could use some kind of content based routing and
have a better control on the targets you allow.


On 7/27/06, Michael Studman <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
>
>
> It seems that when using servicemix-http (M2) to add a WS binding to a
> JBI service, a WS-Addressing "To" header will override the
> service/endpoint name specified in the SU's configuration. This allows
> sending a message to one JBI service's web service but have it
> ultimately delivered to a totally different service.
>
>
>
> I need the WS-Addressing goodness so I can specify the
> operation/interface name through "Action" header but would like to keep
> a tight rein on exactly what I allow exposed as a web service. Can any
> servicemix developers recommend how I do this?
>
>
>
> Michael.
>
>
>


--
Cheers,
Guillaume Nodet




--
Cheers,
Guillaume Nodet
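
The approach described at the top of this thread, as an added example that is not part of the original messages or of ServiceMix's own code: a component authenticates through JAAS and attaches the resulting Subject to the "in" message before sending. It assumes the JBI 1.0 API on the classpath, Java 8 or later, a "servicemix-domain" JAAS configuration as named in the thread, and a hypothetical class name AuthenticatedSender.

```java
import java.util.Arrays;
import javax.jbi.messaging.DeliveryChannel;
import javax.jbi.messaging.InOnly;
import javax.jbi.messaging.MessagingException;
import javax.jbi.messaging.NormalizedMessage;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;

// Hypothetical helper class (name is an assumption, not a ServiceMix class).
public class AuthenticatedSender {
    // Obtained from ComponentContext.getDeliveryChannel() in a real component.
    private final DeliveryChannel channel;

    public AuthenticatedSender(DeliveryChannel channel) { this.channel = channel; }

    // Same JAAS login as in the thread, taking a char[] so the caller can wipe it.
    static Subject login(String username, char[] password) throws LoginException {
        LoginContext ctx = new LoginContext("servicemix-domain", callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(username);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        });
        ctx.login(); // throws LoginException on bad credentials; nothing is sent
        return ctx.getSubject();
    }

    public void send(QName service, Source body, String user, char[] password)
            throws LoginException, MessagingException {
        Subject subject;
        try {
            subject = login(user, password);
        } finally {
            Arrays.fill(password, '\0'); // PasswordCallback keeps its own copy
        }
        InOnly exchange = channel.createExchangeFactory().createInOnlyExchange();
        NormalizedMessage in = exchange.createMessage();
        in.setContent(body);
        in.setSecuritySubject(subject); // identity travels with the message
        exchange.setInMessage(in);
        exchange.setService(service);
        channel.send(exchange);
    }
}
```

Because login() runs before the exchange is created, a failed authentication stops the call without any message reaching the bus.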
