« Return to Thread: CXF+ACEGI
Re: CXF+ACEGI + Anybody out there?
by Zarar Siddiqi
::
Rate this Message:
I'm trying to understand what you're saying but am having difficulty. But here goes:
> Can some one point me to some docs on the CXF and ACEGI integration
> or CXF and security like authentication and authorization.
I use Acegi for authorization purposes only. IMHO it doesn't really make sense for authentication (WS-Security can do that). So I use the MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to my service level methods. The Acegi docs can help you there, the only difference I think is that you have to set the authentication token yourself, e.g.:
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
user.getUsername(), user.getPassword(), user.getAuthorities());
// Populate Acegi Security Context
SecurityContextHolder.getContext().setAuthentication(token);
> I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side
> we need to set the which class handles the security on the Server side! But if
> I am using some other language for clients like C# it doesn't seem to be the proper way!
You can pass the class name which handles security to the server (crazy thought I think!) using a header element and then parse it using CXF interceptors.
Zarar
> Can some one point me to some docs on the CXF and ACEGI integration
> or CXF and security like authentication and authorization.
I use Acegi for authorization purposes only. IMHO it doesn't really make sense for authentication (WS-Security can do that). So I use the MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to my service level methods. The Acegi docs can help you there, the only difference I think is that you have to set the authentication token yourself, e.g.:
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
user.getUsername(), user.getPassword(), user.getAuthorities());
// Populate Acegi Security Context
SecurityContextHolder.getContext().setAuthentication(token);
> I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side
> we need to set the which class handles the security on the Server side! But if
> I am using some other language for clients like C# it doesn't seem to be the proper way!
You can pass the class name which handles security to the server (crazy thought I think!) using a header element and then parse it using CXF interceptors.
Zarar
Any Help will be appreciated!mattmadhavan wrote:Hello,
Can some one point me to some docs on the CXF and ACEGI integration or CXF and security like authentication and authorization. Some sample app will even be great.
I found some blogs on the CXF+ACEGI, but it is Java centric. On the client side we need to set the which class handles the security on the Server side! But if I am using some other language for clients like C# it does n't seem to be the proper way!
Any ideas will be greatly appreciated.
Thanks
Matt
« Return to Thread: CXF+ACEGI
| Free embeddable forum powered by Nabble | Forum Help |
