Acegi Security with CXF
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
Acegi Security with CXF
by Kaleb Walton-2
::
Rate this Message:
Does anyone have an example of authenticating with Acegi Security using a Simple Server? I'd like to pass the authentication token as easily and securely as possible - http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html suggests passing it in the SOAP headers. There is an example at that URL as well but it is for XFire and I'm not sure how those concepts translate over to CXF; additionally the example they use points out its own inefficiency suggesting it should use a custom handler to read the contents of the SOAP message via StAX. Regards, Kaleb |
|
|
Re: Acegi Security with CXF
by RayKrueger
::
Rate this Message:
This might seem like an odd answer, but you can also look at how
Spring-WS does it... http://static.springframework.org/spring-ws/site/reference/html/security.html On 8/27/07, Kaleb Walton <kdwalton@...> wrote: > > > Does anyone have an example of authenticating with Acegi Security using a > Simple Server? > > I'd like to pass the authentication token as easily and securely as > possible - > http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html > suggests passing it in the SOAP headers. There is an example at that URL > as well but it is for XFire and I'm not sure how those concepts translate > over to CXF; additionally the example they use points out its own > inefficiency suggesting it should use a custom handler to read the contents > of the SOAP message via StAX. > > Regards, > Kaleb |
|
|
Re: Acegi Security with CXF
by Fred Dushin-3
::
Rate this Message:
I don't know a lot about acegi, but if you are only talking about propagating a WS-Security UnsernameToken through a SOAP wss:Security header, then yes, CXF is perfectly capable of doing this. Note, however, that you will need to add some code on the consuming side of the message to "validate" the username and password, via WSS4J callback, which you'll also need to configure through Spring. Like XFire, the CXF WS-Security interceptor is based not only on the WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis uses, as well). Not knowing much at all about XFire, I believe the CXF configuration should be pretty strightforwardly mappable to CXF. Shout if you need a sample CXF config. -Fred On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote: > There is an example at that URL > as well but it is for XFire and I'm not sure how those concepts > translate > over to CXF; additionally the example they use points out its own > inefficiency suggesting it should use a custom handler to read the > contents > of the SOAP message via StAX. |
|
|
Re: Acegi Security with CXF
by vannguyen0
::
Rate this Message:
Fred,
Can I get a sample CFX config? Thanks, Van
|
|
|
Re: Acegi Security with CXF
by Fred Dushin-3
::
Rate this Message:
How's this for the outbound side:
<jaxws:client name="{http://www.apache.org}SoapPort" createdFromAPI="true"> <jaxws:features> <bean class="org.apache.cxf.feature.LoggingFeature"/> </jaxws:features> <jaxws:outInterceptors> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/> <ref bean="UOverT_Request"/> </jaxws:outInterceptors> </jaxws:client> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" id="UOverT_Request"> <constructor-arg> <map> <entry key="action" value="UsernameToken Timestamp"/> <entry key="user" value="Alice"/> <entry key="passwordCallbackClass" value="demo.hw.client.UTPasswordCallback"/> <entry key="passwordType" value="PasswordText"/> </map> </constructor-arg> </bean> -Fred On Aug 29, 2007, at 1:31 PM, vannguyen0 wrote: > > Fred, > > Can I get a sample CFX config? > > Thanks, > > Van > > > Fred Dushin-3 wrote: >> >> >> I don't know a lot about acegi, but if you are only talking about >> propagating a WS-Security UnsernameToken through a SOAP wss:Security >> header, then yes, CXF is perfectly capable of doing this. >> >> Note, however, that you will need to add some code on the consuming >> side of the message to "validate" the username and password, via >> WSS4J callback, which you'll also need to configure through Spring. >> Like XFire, the CXF WS-Security interceptor is based not only on the >> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis >> uses, as well). Not knowing much at all about XFire, I believe the >> CXF configuration should be pretty strightforwardly mappable to CXF. >> >> Shout if you need a sample CXF config. >> >> -Fred >> >> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote: >> >>> There is an example at that URL >>> as well but it is for XFire and I'm not sure how those concepts >>> translate >>> over to CXF; additionally the example they use points out its own >>> inefficiency suggesting it should use a custom handler to read the >>> contents >>> of the SOAP message via StAX. >> >> >> > > -- > View this message in context: http://www.nabble.com/Acegi-Security- > with-CXF-tf4337860.html#a12391936 > Sent from the cxf-user mailing list archive at Nabble.com. > > |
| Free embeddable forum powered by Nabble | Forum Help |
