Amad Fida wrote:
Hi,
I am working a project where are using
spring-richclient on client side, Brightside Factory
Remoting(bs-remoting) for remoting, and EJBs (SLSBs +
MDBs) on JBoss App server.
We want to make the Authentication plugable to any SSO
solution and also want to provide a database driven
Authentication as well.
We also need to provide some auhorization depending on
User and its Roles which are dynamic and defined by
Administrator through same client.
Basically I need to Autheticate a User and setup the
client so they can access what their role is in
context to data. I am not worried about protecting
EJBs or their methods at this point.
I am not sure if and how we can use Acegi in this
setup. I would really like to take advantage of Acegi
but no clear about how. Also I have seen Ben's
security package in spring-richclient project, but
looks like you are using spring framework for remoting
and services?
Hi Amad
The Spring Rich package is remoting protocol independent. I just quickly skimmed http://www.bs-factory.org/components/remotingDoc/authentication.html and found the following:
"Between the 3 ways of transmitting the identity from a web client to a server, we have chosen the simplest one : the http basic authentication. The login and the password are send in the HTTP header after a simple base 64 encoding."
Thus Acegi Security should happily work with Brightside, just as if it were any other BASIC authentication-based remoting protocol.
In relation to your other requirements, Acegi Security already supports JDBC-defined users and roles. Its AuthenticationManager and AuthenticationProvider approach also means it is completely pluggable in terms of authentication strategy. Heck, we can even authenticate by delegation to JAAS! So whilst Acegi Security only supports the CAS SSO solution today, you shouldn't experience any difficulty writing additional providers for other SSO solutions as required in the future.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
