Re: Configuring inflow and outflow security for multiple clients.

Thu, 22 Oct 2009 08:20:24 -0700 

Hi Siva;
This is the same way you do login to any other application - once you have the user name and password. 


You need to maintain user names and password of your clients in a 
database or some other place - and you need to have your own 
authentication module to talk to the database and authenticate the user.



In password callback handler you simply get the user name and password 
and then call - authenticationModule.authenticate(username,password);


Thanks & regards.
-Prabath

SivaKumarl wrote:

Hi Prabath,
       First of all thanks for your reply, i read your url it wrote by using
LDAP, actually i am using linux server that is my problem, kindly refer once
my callback handler for authentication.
public class PWCBHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

            
            String id = pwcb.getIdentifer();

            if("client".equals(id)) {
                pwcb.setPassword("apache");
            } else if("service".equals(id)) {
                pwcb.setPassword("apache");
            }
        }
    }

}
 Here if i want to set 100 client it's quiet wrost coding, so how to handle
this. can you pls explain.

Prabath Siriwardena-2 wrote:

  

Hi Siva;


It doesn't matter how many client you have - if the service is secured 
all the clients should communicate securely.



Password callback handler will get the user name and password from the 
security layer - once you have user name and password - you simply need 
to validate the provided user name against the user name - it will not 
be coupled to given client. This [1] is such example.


Also , [2] will help you understand Password Callback Handlers better....

Thanks & regards.
-Prabath

[1]:http://blog.facilelogin.com/2008/11/usernametoken-authentication-based-on.html
[2]:http://wso2.org/library/3733





SivaKumarl wrote:

    

Hi friends,
        I have small doubt, if i have 100 clients then how should i
configure in and out flow security in client and server application and
how
could i handle password callback handler for mutiple clients , kindly
give
me suggestion how to handle this situation.

Thanks in advance.
------------------
Siva kumar

  
      



    



  
























					Reply via email to