cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Pell <ja...@pellcorp.com>
Subject What is best practice for ws security policy and authentication using Spring Security
Date Tue, 14 Feb 2012 04:54:19 GMT
Hi,

When I was using interceptors I utilised the
ws-security.validate.token to disable validation of the username /
password.  Instead I added a UsernamePasswordAuthentication (extends
AbstractUsernameTokenInInterceptor) interceptor which utilised a
spring AuthenticationManager to authenticate the user and create a
spring SecurityContext.

What is the recommended approach for ws policy?  Is the
CallbackHandler the way to do it, or should I be using a custom UT
validator?

I have been looking for best practice in this area but have not found anything.

I have all my ldap configuration setup in spring and all my web
services are using spring @PreAuthorise, so I want to continue to have
this functionality.

I am assuming I probably need to use the callback handler, but wanted
to make sure I was not missing anything.

Mime
View raw message