geronimo-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: [UsernameToken] WS-Security at Server Side in Geronimo
Date Fri, 10 Jul 2009 20:46:59 GMT

On Jul 10, 2009, at 1:04 PM, rahul.soa wrote:

> Hello Devs,
>
> I am configuring the usernameToken* security configuration in  
> geronimo (for CXF). So far, I have configured it for Client side :).
>
> For the server side, I have tried it with hard-coded values and that  
> works. Now, I don't know what *APIs* (server authorization apis or
> other apis) I should use to authenticate the user based on the  
> usernameToken (username/password). In other words, how can we  
> configure/enable the ws-security (usernameToken) at **server side**  
> in Geronimo?
>
> How and what information we need to pass to enable the ws-security  
> on the server side?
>
> I am stuck on this point and I really need your suggestions and  
> pointers.

If you want a theoretically portable solution you should probably  
investigate writing a jaspi auth module for this.  This would probably  
take a while and at the moment only work with jetty7.

For a geronimo-specific solution you need to:

1. authenticate the user by calling

org.apache.geronimo.security.ContextManager.login(String realm, CallbackHandler callbackHandler, Configuration configuration)

or

ContextManager.login(realm, callbackHandler);

Generally for the first call you'd get a Configuration from a  
GenericSecurityRealm component.  If you want something less  
configurable but quicker use the second call; the configuration named  
by the realm name must be already registered with the  
GeronimoLoginConfiguration.

You'll get back a LoginContext containing the authenticated Subject.

2. To make the results available to container managed security call

ContextManager.setCallers(subject, subject);
try {
    // do work, process message, etc.
} finally {
    ContextManager.clearCallers();
}

hope this helps -- ask if you aren't clear on how to proceed.
david jencks

>
> Please help me in this.
>
> Thank you in advance.
>
> Best Regards,
> Rahul
>
> * to authenticate the user based on the usernameToken (username/ 
> password) in the SOAP header

