On Jul 10, 2009, at 1:04 PM, rahul.soa wrote:

Hello Devs,

I am configuring the usernameToken* security configuration in geronimo (for CXF). So far, I have configured it for Client side :).

For the server side, I have tried it with hard-coded values and that works. Now, I don't know what *APIs* (server authorization apis or other apis) I should use to authenticate the user based on the usernameToken (username/password). In other words, how can we configure/enable the ws-security (usernameToken) at **server side** in Geronimo?

How, and what information, do we need to pass to enable ws-security on the server side?

I am stuck on this point and I really need your suggestions and pointers.

If you want a theoretically portable solution you should probably investigate writing a jaspi auth module for this.  This would probably take a while and at the moment only work with jetty7.

For a geronimo-specific solution you need to:

1. authenticate the user by calling

org.apache.geronimo.security.ContextManager.login(String realm, CallbackHandler callbackHandler, Configuration configuration).  

or

ContextManager.login(realm, callbackHandler);

Generally for the first call you'd get a Configuration from a GenericSecurityRealm component.  If you want something less configurable but quicker use the second call; the configuration named by the realm name must be already registered with the GeronimoLoginConfiguration.

You'll get back a LoginContext containing the authenticated Subject.

2. To make the results available to container managed security call

ContextManager.setCallers(subject, subject);
try {
    // do work, process message, etc.
} finally {
    ContextManager.clearCallers();
}

hope this helps -- ask if you aren't clear on how to proceed.
david jencks


Please help me in this.

Thank you in advance.

Best Regards,
Rahul

* to authenticate the user based on the usernameToken (username/password) in the SOAP header
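
The two steps from the reply above, combined into one helper, as an added example that is not part of the original thread and not Geronimo's own code. The class name `UsernameTokenAuthenticator`, its methods and the `realm` argument are hypothetical; it assumes the username and password have already been extracted from the UsernameToken header, that the realm name is already registered with the GeronimoLoginConfiguration, and that a failed login surfaces as a `LoginException`.

```java
import java.util.Arrays;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.ContextManager;

// Hypothetical helper: authenticates UsernameToken credentials against a Geronimo realm.
public final class UsernameTokenAuthenticator {
    private final String realm; // assumption: realm name already registered in Geronimo

    public UsernameTokenAuthenticator(String realm) { this.realm = realm; }

    // Step 1: pass the token's credentials to the realm's login modules via JAAS callbacks.
    Subject authenticate(final String username, final char[] password) throws LoginException {
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(username);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password); // stores a copy
                    } else {
                        throw new UnsupportedCallbackException(cb); // fail closed
                    }
                }
            }
        };
        try {
            LoginContext loginContext = ContextManager.login(realm, handler);
            return loginContext.getSubject();
        } finally {
            Arrays.fill(password, '\0'); // do not keep the cleartext password around
        }
    }

    // Step 2: expose the Subject to container-managed security only while the message is processed.
    public <T> T runAs(String username, char[] password, Callable<T> work) throws Exception {
        Subject subject = authenticate(username, password); // LoginException: reject the message
        ContextManager.setCallers(subject, subject);
        try {
            return work.call();
        } finally {
            ContextManager.clearCallers(); // never leak the caller to the next request on this thread
        }
    }
}
```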