I think we can provide an authentication hook in form of an interface
that people can implement. Like:
interface UserPasswordAuthenticationProvider {
boolean authenticate(String userName, String password);
}
This could be called by the interceptor to check the authentication.
We would of course also need a way to gather the roles/groups. Either as
a list of roles or as a isInGroup callback.
To store the authentication result the DefaultSecurityContext or the
RolePrefixSecurityContextImpl could be used.
I donĀ“t think we need to reimplement SecurityContext.
Christian
Am 14.06.2011 18:40, schrieb Sergey Beryozkin:
I can actually see the source (thanks to Christian for pointing me to
it :-)) but I'd like to understand what are you trying to do besides
enforcing that BasicAuth is there. I thought you needed to get
username& password and get the custom authentication done by
interacting somehow with your custom SecurityManager, right ? I'm not
sure we can generilize that process in CXF itself, the process of
communicating with the custom SecurityManager - JAAS or/and Spring is
there for that.
--
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
Talend Application Integration Division http://www.talend.com
