Thanks Robert your advice put me on the right track... I ended up using an login(username, password) method for authentication then wired in a MethodSecurityInterceptor to take care of checking access based on the authenticated users granted authorities.
Thanks Again, - Doug -----Original Message----- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 16, 2006 5:37 AM To: axis-user@ws.apache.org Subject: Re: Has anyone used Acegi Security with Axis? I know both acegi / spring and handlers a bit so perhaps I can help. Are you using Axis2 ? In this case there is not much difference, although I myself no longer use axis 1.x . While my experience is with acegi .9x , I notice now there is a 1.0 release and the docs do reference web services but not handlers. My general advice: 1) Consider just using a web service such as login() to authorize / authenticate and then use an UUID to mantain state much as jsessionid does for the acegi SecurityContextHolder . You can then programatically login via acegi . That's the approach I used instead of handlers. I've used handlers to authenticate via jaas on other projects and I've convinced myself the uuid approach is simpler. 2) Search the spring / acegi forums. This topic has come up before, and I believe I participated in the discusssions once or twice. 3) If you use a Handler , one issue you may hit is how to wire it to Spring ? Once you got it wired, you could follow the strategy I outlined in step 1 . One way you could wire it is to use the ApplicationContextAware interface . This is described in the tutorial of how to use axis2 in a non-servlet container environment: http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/xdocs/lates t/spring.html If you do use axis2 , I at least would be interested in the progress so that perhaps we could document it or even look at integrating it into rampart (axis2 security) . HTH, Robert http://www.braziloutsource.com/ On 8/15/06, Bell, Douglas <[EMAIL PROTECTED]> wrote: > > > I'm trying to use Acegi Security to handle authentication and > authorization but am having a heck of a time... Any chance someone out > there has done this and can point me to some reference material or a > reference implementation they can pass my way? > > Thanks, > > Doug --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]