axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bell, Douglas" <DB...@boingo.com>
Subject RE: How can I call AXIS specifying username and password?
Date Tue, 02 Jan 2007 18:54:05 GMT
I've done this by tying Acegi in, using a
HttpSessionContextIntegrationFilter will set the security context for
each session, from there you can use a BeanNameAutoProxyCreator on your
service with a MethodSecurityInterceptor to allow or deny access to a
resource based on the users Role.

e.g. 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
	<!-- 
		These are the beans that needs to be protected. 
	-->
	<bean id="acegiService"
class="com.blah.blah.acegi.service.AcegiService"/>
	<!-- 
		This bean defines a proxy for the protected beans.
	 -->
	<bean id="autoProxyCreator"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCrea
tor">
		<property name="interceptorNames">
			<list>
				<value>securityInterceptor</value>
			</list>
		</property>
		<property name="beanNames">
			<list>
				<value>acegiService</value>
			</list>
		</property>
		<property name="proxyTargetClass" value="true"/>
	</bean>
	<!-- 
		This bean specifies which roles are authorized to
execute which methods. 
	-->
	<bean id="securityInterceptor"
class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInte
rceptor">
		<property name="authenticationManager"
ref="authenticationManager"/>
		<property name="accessDecisionManager"
ref="accessDecisionManager"/>
		<property name="alwaysReauthenticate" value="true"/>
		<property name="validateConfigAttributes" value="true"/>
		<property name="objectDefinitionSource">
			<value>
	com.blah.blah.acegi.service.AcegiService.*=ROLE_ADMINISTRATOR
      			</value>
		</property>
	</bean>
</beans>

- Doug

-----Original Message-----
From: celia05es [mailto:ebachler@alcatel-lucent.com] 
Sent: Tuesday, January 02, 2007 8:08 AM
To: axis-user@ws.apache.org
Subject: How can I call AXIS specifying username and password?


Hi,
I have defined 2 roles (admin and oper). When the user enters the
application, he enters a username and a password (therefore a role has
been applied to him).
Now, depending on this role, some operations can be denied or simply
different.
So my question is: How can I call AXIS using the username and the
password?
I would like to be able (on the server side) to check which
user/password has been used to connect to AXIS ... depending on that, I
will do one thing or another.

Thank for helping.


Up till now, I used the following :

public static void init()  throws IOException {
    url = new URL(InicializaCliente.BONOServidorURL);
    call = new Call();

   SOAPMappingRegistry smr = new SOAPMappingRegistry();
   StringDeserializer sd = new StringDeserializer();
   smr.mapTypes(Constants.NS_URI_SOAP_ENC,
      new QName("http://schemas.xmlsoap.org.sopa/encoding/","string"),
       String.class,null,sd);
    BeanSerializer beanSer = new BeanSerializer();
    smr.mapTypes(Constants.NS_URI_SOAP_ENC,
        new QName(InicializaCliente.BONOUrn, "ObjResultadoBasico"),
        ObjResultadoBasico.class, beanSer, beanSer);

    call.setSOAPMappingRegistry(smr);
    call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
    call.setTargetObjectURI(InicializaCliente.BONOUrn);
    salidaObjBasico= new ObjResultadoBasico();
  }



As you can see, no username and no password.
--
View this message in context:
http://www.nabble.com/How-can-I-call-AXIS-specifying-username-and-passwo
rd--tf2908656.html#a8126131
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message