CXF
 » 
cxf-user

 « Return to Thread: CXF+ACEGI

Re: CXF+ACEGI + Anybody out there?

by Dan Diephouse-2 :: Rate this Message:

Reply to Author | View in Thread

And I want somebody to contribute a cleaner solution :-D

I know there is a lot of stuff we could do with Spring Security/Acegi that would be super cool. It'd be a real low barrier way to contribute some stuff if anyone is interested.

Cheers,
- Dan

mattmadhavan wrote: 
Hi Ray,
No I do not want the client side to tell the server! Thats my point. Some
good blogs I have seen, do that! Where the client 'tells' which handler to
use!

I want a cleaner ACEGI+ XFIRE solution!

Thanks
Matt



Ray Krueger wrote:
  
You want the client to tell the server how to do security? That sounds
crazy :)

Your client side should either be doing http based security or
ws-security. That doesn't have anything to do with Acegi at that
point.

On 9/14/07, Zarar Siddiqi zarars@... wrote:
    
I'm trying to understand what you're saying but am having difficulty. But
here goes:

      
Can some one point me to some docs on the CXF and ACEGI integration
or CXF and security like authentication and authorization.
        
I use Acegi for authorization purposes only. IMHO it doesn't really make
sense for authentication (WS-Security can do that).  So I use the
MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls to
my
service level methods.  The Acegi docs can help you there, the only
difference I think is that you have to set the authentication token
yourself, e.g.:

UsernamePasswordAuthenticationToken token = new
UsernamePasswordAuthenticationToken(
   user.getUsername(), user.getPassword(), user.getAuthorities());
// Populate Acegi Security Context
SecurityContextHolder.getContext().setAuthentication(token);

      
I found some blogs on the CXF+ACEGI, but it is Java centric. On the
        
client
      
side
we need to set the which class handles the security on the Server side!
But if
I am using some other language for clients like C# it doesn't seem to
        
be
      
the proper way!
        
You can pass the class name which handles security to the server (crazy
thought I think!) using a header element and then parse it using CXF
interceptors.

Zarar




mattmadhavan wrote:
      
Any Help will be appreciated!



mattmadhavan wrote:
        
Hello,
Can some one point me to some docs on the CXF and ACEGI integration or
CXF and security like authentication and authorization. Some sample
          
app
      
will even be great.

I found some blogs on the CXF+ACEGI, but it is Java centric. On the
client side we need to set the which class handles the security on the
Server side! But if I am using some other language for clients like C#
          
it
      
does n't seem to be the proper way!

Any ideas will be greatly appreciated.

Thanks
Matt

          
        
--
View this message in context:
http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582
Sent from the cxf-user mailing list archive at Nabble.com.


      
    

  


-- 
Dan Diephouse
MuleSource
http://mulesource.com | http://netzooid.com/blog

 « Return to Thread: CXF+ACEGI

Free embeddable forum powered by Nabble Forum Help