geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: Security and WebServices
Date Wed, 07 Jan 2009 22:37:18 GMT

On Jan 7, 2009, at 5:03 AM, Jochen Zink wrote:

> Hello,
>
> I want to use Geronimo's security system together with a JAX-WS 2.1
> web service (WAR file).
>
> My vision ;):
> - standard security configuration: all URLs like /services/* are
>   secure
> - using a standard LoginModule (a Geronimo one or a self-written one for
>   BinarySecurityTokens)
>
> Is it possible to secure a web service with the standard
> security mechanism, or must the application handle the WS-Security
> header? If the application has to handle it, is it possible to get
> access to a LoginModule, and how does this work?

Can I check that you want to send the credentials inside the XML
message?  At the moment we don't have any support for that.  In the
future it may be possible to handle this with a JASPI authentication
module.

You can get the credentials yourself and log in to a JAAS realm using
org.apache.geronimo.security.ContextManager.login(realmName,
callbackHandler) where realmName is the name of a security realm
you've set up in Geronimo and callbackHandler is a callback handler
you've stuffed the credentials into.  This will log in and install the
user in the Geronimo security framework.  However, if your code to do
this is in the application (such as a filter or servlet) you can't use
Java EE web security constraints because they will have already been
evaluated by the time control gets to your auth code.  You ought to be
able to use Java EE EJB security with the logged-in Subject, although I
haven't tested this for problems I haven't thought of.

Hope this helps. Please supply more details if appropriate.  I'm
running into several similar situations recently and more info on what
people would like to be able to do would be great to figure out how to
support this.

thanks
david jencks

>
>
> Thanks a lot!
> Regards
> Jochen


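The application-side login described in the reply above, sketched as an added example that is not part of the original message and not Geronimo's own code. `RealmLogin` and `UserPasswordHandler` are hypothetical names; the sketch assumes the realm's LoginModule asks for a `NameCallback` and a `PasswordCallback`, and that `ContextManager.login` reports a failed login with a `LoginException`.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;

import org.apache.geronimo.security.ContextManager;

/** Hypothetical helper: log in to a Geronimo realm with credentials the application extracted itself. */
public final class RealmLogin {

    /** Hands a user name and password to whatever LoginModule the realm runs. */
    static final class UserPasswordHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        UserPasswordHandler(String user, char[] password) {
            this.user = user;
            this.password = password.clone(); // private copy, wiped after the login attempt
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password); // PasswordCallback keeps its own copy
                } else {
                    throw new UnsupportedCallbackException(cb); // fail closed on unknown callbacks
                }
            }
        }

        void wipe() { Arrays.fill(password, '\0'); }
    }

    /** realmName must match a security realm configured in Geronimo. */
    public static void login(String realmName, String user, char[] password) throws LoginException {
        UserPasswordHandler handler = new UserPasswordHandler(user, password);
        try {
            // The call named in the reply; assumed to throw LoginException on bad credentials.
            ContextManager.login(realmName, handler);
        } finally {
            handler.wipe(); // do not keep the password in memory longer than needed
        }
    }
}
```

Because this runs inside the application, the container has already evaluated any web security constraints for the request, so the code that calls `login` has to reject unauthenticated requests itself.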