On Jul 10, 2009, at 1:04 PM, rahul.soa wrote:
I am configuring the usernameToken security configuration in Geronimo (for CXF). So far, I have configured it for the client side :).
For the server side, I have tried it with hard-coded values and that works. Now, I don't know what *APIs* (server authorization APIs or other APIs) I should use to authenticate the user based on the usernameToken (username/password). In other words, how can we configure/enable the ws-security (usernameToken) at **server side** in Geronimo?
How, and what information, do we need to pass to enable the ws-security on the server side?
I am stuck on this point and I really need your suggestions and pointers.
If you want a theoretically portable solution you should probably investigate writing a jaspi auth module for this. This would probably take a while and at the moment only work with jetty7.
For a geronimo-specific solution you need to:
1. authenticate the user by calling
org.apache.geronimo.security.ContextManager.login(String realm, CallbackHandler callbackHandler, Configuration configuration).
Generally for the first call you'd get a Configuration from a GenericSecurityRealm component. If you want something less configurable but quicker, use the second call; the configuration named by the realm name must be already registered with the GeronimoLoginConfiguration.
You'll get back a LoginContext containing the authenticated Subject.
2. To make the results available to container managed security call
//do work, process message, etc etc
Hope this helps -- ask if you aren't clear on how to proceed.