Re: [xfire-user] http basic auth documentation

Thu, 16 Aug 2007 07:37:06 -0700 

thanks Øyvind (how do you pronounce that?)
I'm using the tomcat MemoryRealm and tomcat-users.xml to do my authentication having given up on SOAP headers (although that has it's own problems!! <http://www.nabble.com/tomcat-memory-realms---tomcat-users.xml-tf4271415.html>). My authentication needs are very simple (just a handful of users and roles that will rarely change), but I have strong requirements for fine-grained role-based access to data. the Acegi library looks excellent, but it's not really what I'm after I think. 


I'd love to use Spring more in this app, but it wasn't included in the 
original design and the current timeframes don't allow for that kind of 
change, unfortunately... :-(


thanks for your advice!

Øyvind Matheson Wergeland wrote:

Matthew,

If you go for basic authentication, you can use request.getRemoteUser() or 
request.getUserPrincipal().


Instead of implemention your own authorization mechanism, you may consider to define your web services in Spring (http://xfire.codehaus.org/Spring) and use Acegi (http://www.acegisecurity.org/) for method and/or object authorization. 


 -Øyvind

-----Original Message-----
From: Matthew Kerle [mailto:[EMAIL PROTECTED]
Sent: Thu 2007-08-16 07:28
To: [email protected]
Subject: Re: [xfire-user] http basic auth documentation

 
doh!
how to get the request/response Objects: 
http://xfire.codehaus.org/HTTP+Transport


HttpServletRequest request = XFireServletController.getRequest();
HttpServletResponse response = XFireServletController.getResponse();

my bad...


now to test passing SOAP headers (still haven't decided which to use, 
Soap headers or http Basic auth)...


Matthew Kerle wrote:

  

thanks Yogesh, that sounds close to what I want! Once I have the 
messagecontext how would I access either HTTP Headers or SOAP headers?



I looked at the API page 
(http://envoisolutions.com/xfire/api/org/codehaus/xfire/MessageContext.html), 
and it's not obvious...


I'm assuming you could do something like:

public String echo(String echo, MessageContext context){
   Element header = context.getCurrentMessage().getHeader()

   //what do you do with the element here to access specific SOAP 
headers, eg - 'user', 'pass'

   // also, what if you wanted the original HttpServletRequest object?
   return echo;
}

thanks again!

    



  
------------------------------------------------------------------------


---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email

--
* Matthew Kerle
* * IT Consultant *
* Canberra, Australia*

Mobile: +61404 096 863
Email:     [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Web:      Matthew Kerle <http://threebrightlights.blogspot.com/>


---------------------------------------------------------------------
To unsubscribe from this list please visit:

   http://xircles.codehaus.org/manage_email























					Reply via email to