Thanks Ben, so would suggest rich client security packakge as starting point?
Amad --- Ben Alex <[EMAIL PROTECTED]> wrote: > Amad Fida wrote: > > >Hi, > > > >I am working a project where are using > >spring-richclient on client side, Brightside > Factory > >Remoting(bs-remoting) for remoting, and EJBs (SLSBs > + > >MDBs) on JBoss App server. > > > >We want to make the Authentication plugable to any > SSO > >solution and also want to provide a database driven > >Authentication as well. > > > >We also need to provide some auhorization depending > on > >User and its Roles which are dynamic and defined by > >Administrator through same client. > > > >Basically I need to Autheticate a User and setup > the > >client so they can access what their role is in > >context to data. I am not worried about protecting > >EJBs or their methods at this point. > >I am not sure if and how we can use Acegi in this > >setup. I would really like to take advantage of > Acegi > >but no clear about how. Also I have seen Ben's > >security package in spring-richclient project, but > >looks like you are using spring framework for > remoting > >and services? > > > > > > > > > > > Hi Amad > > The Spring Rich package is remoting protocol > independent. I just quickly > skimmed > http://www.bs-factory.org/components/remotingDoc/authentication.html > and > found the following: > > "Between the 3 ways of transmitting the identity > from a web client to a > server, we have chosen the simplest one : the http > basic authentication. > The login and the password are send in the HTTP > header after a simple > base 64 encoding." > > Thus Acegi Security should happily work with > Brightside, just as if it > were any other BASIC authentication-based remoting > protocol. > > In relation to your other requirements, Acegi > Security already supports > JDBC-defined users and roles. Its > AuthenticationManager and > AuthenticationProvider approach also means it is > completely pluggable in > terms of authentication strategy. Heck, we can even > authenticate by > delegation to JAAS! So whilst Acegi Security only > supports the CAS SSO > solution today, you shouldn't experience any > difficulty writing > additional providers for other SSO solutions as > required in the future. > > Best regards > Ben > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Sybase ASE Linux Express Edition - download now for > FREE > LinuxWorld Reader's Choice Award Winner for best > database on Linux. > http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click > _______________________________________________ > Acegisecurity-developer mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
