Ok I will... Will try to make something generic, if the time permits, so we have something reusable.
Let you know how it comes around. On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
I don't know :) I just assumed that somewhere must be any wss4j documentation :) I mainly used wss4j source code to check some stuff :) , but maybe try to ask on wss4j mailing list. On 3/15/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote: > When you say "WSS4J doc" you mean....¿? this?? > (http://ws.apache.org/wss4j/axis.html)... > > > On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote: > > > > Hi > > I don't know any example with SSO demonstrated, but as i remember SAML > > is supported by WSS4J ( used in xfire-ws-security) so you can check > > WSS4J doc for more info. > > Some samples of using ACEGI with XFire you can find on Article page : > > http://xfire.codehaus.org/Articles > > > > On 3/14/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote: > > > List, > > > > > > Do you have any examples of a web service (consumer) that uses WS Single > > > Sign On mechanism as with SAML to send credentials around? If possible > > > (although I don't think this would be much complicated) it uses Acegi > > > Security to allow the application a handle to the Subject, thus allowing > for > > > automatic adding of credentials on outgoing messages from the called web > > > service.. > > > > > > Would be something like this (don't have experience with SAML, so the > > > "language" or even the idea might be inaccurate) : > > > > > > Client Calls a Web Service and authenticates itself. Credentials are > sent to > > > back to the client and stored (somewhere. Ideally Acegi Security should > have > > > them around). > > > > > > Client makes a call to WebService-A. An outHandler automatically gets > the > > > Subject information (including ticket, or whatever) adds SAML Security > > > information to the outgoing message. > > > > > > WebService-A' s inHandler analyzes the SAML Security Information. Based > on > > > it, it creates a Subject with all the roles defined. > > > > > > If WebService-A calls any other web service, the same outhandler as in > the > > > Client is used to send credentials. > > > > > > > > > I was wondering this because: > > > - I do not want passwords going around, not even if they are > encrypted > > > - I need the Subject's role information and name for business logic > > > purposes and auditing. > > > - I want a "pluggable" way to do it, so I don't have to code this > every > > > time I create a web service / client. Just add a jar and configure > spring. > > > > > > Any other feedback, help, pointers, or other ways to do this are, of > course, > > > more than welcome. > > > > > > Regards > > > Andres B. > > > > > > > > > -- > > ----- > > When one of our products stops working, we'll blame another vendor > > within 24 hours. > > > > > --------------------------------------------------------------------- > > To unsubscribe from this list please visit: > > > > http://xircles.codehaus.org/manage_email > > > > > > -- ----- When one of our products stops working, we'll blame another vendor within 24 hours. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
