Hello,

 

As I tried to state in my previous message, I have a scenario that involves 
having some custom fields for auth information and I am trying to use spring 
security with the auth info. I am not using ws security, but would like to 
support it for the new clients, whereas the old clients should not need 
to send data with ws security.

 

Further getting into the concept, I tried to implement the handlers such that:

 

1. Intercept the oncoming message, which has fields like 
<user>sdsd</user><password>asas</password>

2. Use WSS4JOutInterceptor to add WSSecurity related headers, if headers 
are not present

3. Intercept the same message again with WSS4JInInterceptor, 

a. and use spring security for checking auth info (this part is unclear 
yet)

b. could use JAAS here instead of WSS4JInInterceptor

4. Using simple auth interceptor to check for methods and roles. The 
method and role mapping is needed, as different services run different methods.

 

So, the idea is using custom fields as fields for keeping auth info and 
constructing ws security related information from these fields.

 

- Do you think that makes sense, or am I just messing around?

- I have played around with phases, but have not been able to complete 
step 2. Does anyone have an idea how to do that?

 

Cheers,

Alp

 

 

 

 

 
