cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mattmadhavan <mattmadha...@yahoo.com>
Subject Re: CXF+ACEGI + Anybody out there?
Date Mon, 22 Oct 2007 22:33:50 GMT

Hello again,
Sorry to re-visit this thread again, but I am still not clear if we reached
any conclusion! Do we just use Acegi or use it with WSSJ?

Can some one please post a complete example - With all the configurations
etc? It will be awesome!


Thanks
Matt



Juan José Vázquez Delgado wrote:
> 
> Hi all,
> 
> I love CXF, but IMHO the ws-security module is not good enough solved. I
> suspect the responsible is wss4j wich is not too much powerful.
> 
> I´m thinking in using the glassfish XWSS (https://xwss.dev.java.net/) in a
> similar way to Spring Web Services (
> http://static.springframework.org/spring-ws/site/). With XWSS you can
> setting handlers and validators like for instance an Acegi Handler.
> 
> BR,
> 
> Juanjo.
> 
> On 9/21/07, Eric Miles <eric.miles@kronos.com> wrote:
>>
>> We started some discussion the other day about CXF+Acegi out there the
>> other day, but hadn't seen anything since.  Any discussion after I sent
>> the source code or my findings with integrating the two?
>>
>> On Tue, 2007-09-18 at 11:18 -0400, Eric Miles wrote:
>> > Actually, here is the code.  Attached is the WSS4J callback class and
>> > the CXF interceptor that uses the Acegi authentication manager for
>> > authentication.
>> >
>> > Pretty simple and straight forward.  If you look at the callback
>> > handler, you can see my comment regarding the WSS4J engine.  I do have
>> > one concern in that this solution might not have worked for a digest
>> UT.
>> > I'll have to revisit as it has been several months since we first
>> looked
>> > at it.
>> >
>> > However, this is a spring board for any discussions. (Spring pun not
>> > intended)
>> >
>> > Eric
>> >
>> >
>> > On Tue, 2007-09-18 at 08:10 -0700, mattmadhavan wrote:
>> > > Eric,
>> > > Do you mind posting a complete example. May be we can have a very
>> > > constructive discussions based on that.
>> > >
>> > > Thanks
>> > > Matt
>> > >
>> > >
>> > >
>> > >
>> > > BigEHokie wrote:
>> > > >
>> > > > Dan,
>> > > >
>> > > > What sort of solution are you looking for?  We are using an
>> > > > Acegi/Spring/CXF implementation at our company where we are using
>> > > > WS-Security and Acegi for authentication and AOP/Acegi for
>> > > > authorization.  We could be interested in contributing.
>> > > >
>> > > > Thanks,
>> > > > Eric
>> > > >
>> > > >
>> > > > On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote:
>> > > >> And I want somebody to contribute a cleaner solution :-D
>> > > >>
>> > > >> I know there is a lot of stuff we could do with Spring
>> Security/Acegi
>> > > >> that would be super cool. It'd be a real low barrier way to
>> contribute
>> > > >> some stuff if anyone is interested.
>> > > >>
>> > > >> Cheers,
>> > > >> - Dan
>> > > >>
>> > > >> mattmadhavan wrote:
>> > > >> > Hi Ray,
>> > > >> > No I do not want the client side to tell the server! Thats
my
>> point.
>> > > >> Some
>> > > >> > good blogs I have seen, do that! Where the client 'tells'
which
>> handler
>> > > >> to
>> > > >> > use!
>> > > >> >
>> > > >> > I want a cleaner ACEGI+ XFIRE solution!
>> > > >> >
>> > > >> > Thanks
>> > > >> > Matt
>> > > >> >
>> > > >> >
>> > > >> >
>> > > >> > Ray Krueger wrote:
>> > > >> >
>> > > >> > > You want the client to tell the server how to do security?
>> That
>> > > >> sounds
>> > > >> > > crazy :)
>> > > >> > >
>> > > >> > > Your client side should either be doing http based security
or
>> > > >> > > ws-security. That doesn't have anything to do with Acegi
at
>> that
>> > > >> > > point.
>> > > >> > >
>> > > >> > > On 9/14/07, Zarar Siddiqi <zarars@gmail.com> wrote:
>> > > >> > >
>> > > >> > > > I'm trying to understand what you're saying but
am having
>> > > >> difficulty. But
>> > > >> > > > here goes:
>> > > >> > > >
>> > > >> > > >
>> > > >> > > > > Can some one point me to some docs on the
CXF and ACEGI
>> > > >> integration
>> > > >> > > > > or CXF and security like authentication and
authorization.
>> > > >> > > > >
>> > > >> > > > I use Acegi for authorization purposes only. IMHO
it doesn't
>> really
>> > > >> make
>> > > >> > > > sense for authentication (WS-Security can do that).
 So I
>> use
>> the
>> > > >> > > > MethodSecurityInterceptor and BeanNameAutoProxyCreator
to
>> manage
>> > > >> calls to
>> > > >> > > > my
>> > > >> > > > service level methods.  The Acegi docs can help
you there,
>> the only
>> > > >> > > > difference I think is that you have to set the
>> authentication
>> token
>> > > >> > > > yourself, e.g.:
>> > > >> > > >
>> > > >> > > > UsernamePasswordAuthenticationToken token = new
>> > > >> > > > UsernamePasswordAuthenticationToken(
>> > > >> > > >    user.getUsername(), user.getPassword(),
>> user.getAuthorities());
>> > > >> > > > // Populate Acegi Security Context
>> > > >> > > > SecurityContextHolder.getContext().setAuthentication(token);
>> > > >> > > >
>> > > >> > > >
>> > > >> > > > > I found some blogs on the CXF+ACEGI, but it
is Java
>> centric. On
>> > > >> the
>> > > >> > > > >
>> > > >> > > > client
>> > > >> > > >
>> > > >> > > > > side
>> > > >> > > > > we need to set the which class handles the
security on the
>> Server
>> > > >> side!
>> > > >> > > > > But if
>> > > >> > > > > I am using some other language for clients
like C# it
>> doesn't
>> > > >> seem to
>> > > >> > > > >
>> > > >> > > > be
>> > > >> > > >
>> > > >> > > > > the proper way!
>> > > >> > > > >
>> > > >> > > > You can pass the class name which handles security
to the
>> server
>> > > >> (crazy
>> > > >> > > > thought I think!) using a header element and then
parse it
>> using
>> > > >> CXF
>> > > >> > > > interceptors.
>> > > >> > > >
>> > > >> > > > Zarar
>> > > >> > > >
>> > > >> > > >
>> > > >> > > >
>> > > >> > > >
>> > > >> > > > mattmadhavan wrote:
>> > > >> > > >
>> > > >> > > > > Any Help will be appreciated!
>> > > >> > > > >
>> > > >> > > > >
>> > > >> > > > >
>> > > >> > > > > mattmadhavan wrote:
>> > > >> > > > >
>> > > >> > > > > > Hello,
>> > > >> > > > > > Can some one point me to some docs on
the CXF and ACEGI
>> > > >> integration or
>> > > >> > > > > > CXF and security like authentication
and authorization.
>> Some
>> > > >> sample
>> > > >> > > > > >
>> > > >> > > > app
>> > > >> > > >
>> > > >> > > > > > will even be great.
>> > > >> > > > > >
>> > > >> > > > > > I found some blogs on the CXF+ACEGI,
but it is Java
>> centric. On
>> > > >> the
>> > > >> > > > > > client side we need to set the which
class handles the
>> security
>> > > >> on the
>> > > >> > > > > > Server side! But if I am using some other
language for
>> clients
>> > > >> like C#
>> > > >> > > > > >
>> > > >> > > > it
>> > > >> > > >
>> > > >> > > > > > does n't seem to be the proper way!
>> > > >> > > > > >
>> > > >> > > > > > Any ideas will be greatly appreciated.
>> > > >> > > > > >
>> > > >> > > > > > Thanks
>> > > >> > > > > > Matt
>> > > >> > > > > >
>> > > >> > > > > >
>> > > >> > > > --
>> > > >> > > > View this message in context:
>> > > >> > > > http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582
>> > > >> > > > Sent from the cxf-user mailing list archive at
Nabble.com.
>> > > >> > > >
>> > > >> > > >
>> > > >> > > >
>> > > >> >
>> > > >> >
>> > > >>
>> > > >>
>> > > >> --
>> > > >> Dan Diephouse
>> > > >> MuleSource
>> > > >> http://mulesource.com | http://netzooid.com/blog
>> > > >
>> > > >
>> > >
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a13353960
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message