geronimo-dev mailing list archives

From Jarek Gawor <jga...@gmail.com>
Subject Re: [UsernameToken] WS-Security at Server Side in Geronimo
Date Mon, 13 Jul 2009 18:21:24 GMT
David,

With the UsernameToken profile the password can also be sent in a
digest form. Can the ContextManager API be used to authenticate with
such a password? Or is something else needed?

Jarek

On Fri, Jul 10, 2009 at 4:46 PM, David Jencks<david_jencks@yahoo.com> wrote:
>
> On Jul 10, 2009, at 1:04 PM, rahul.soa wrote:
>
> Hello Devs,
>
> I am configuring the usernameToken* security configuration in geronimo (for
> CXF). So far, I have configured it for Client side :).
>
> For the server side, I have tried it with hard-coded values and that works.
> Now, I don't know what *APIs* (server authorization apis or other apis) I
> should use to authenticate the user based on the usernameToken
> (username/password). In other words, how can we configure/enable the
> ws-security (usernameToken) at **server side** in Geronimo?
>
> How, and what information do we need to pass, to enable the ws-security on the
> server side?
>
> I am stuck on this point and I really need your suggestions and pointers.
>
> If you want a theoretically portable solution you should probably
> investigate writing a jaspi auth module for this.  This would probably take
> a while and at the moment only work with jetty7.
> For a geronimo-specific solution you need to:
> 1. authenticate the user by calling
> org.apache.geronimo.security.ContextManager.login(String realm,
> CallbackHandler callbackHandler, Configuration configuration).
> or
> ContextManager.login(realm, callbackHandler);
> Generally for the first call you'd get a Configuration from a
> GenericSecurityRealm component.  If you want something less configurable but
> quicker use the second call; the configuration named by the realm name must
> be already registered with the GeronimoLoginConfiguration.
> You'll get back a LoginContext containing the authenticated Subject.
> 2. To make the results available to container managed security call
> ContextManager.setCallers(subject, subject);
> try {
>     // do work, process message, etc.
> } finally {
>     ContextManager.clearCallers();
> }
> hope this helps -- ask if you aren't clear on how to proceed.
> david jencks
>
> Please help me in this.
>
> Thank you in advance.
>
> Best Regards,
> Rahul
>
> * to authenticate the user based on the usernameToken (username/password) in
> the SOAP header
>
>
