Acegi can be used on the secure the application the server-side. WS-Security stuff can be used as well.
Your client side application need only present the credentials to the server to say who it wants to log in as. That's not a an Acegi thing, it's really not even a java thing at that point. If you set up Acegi to use BASIC authentication in front of your webapp for example. Any client application (java, C#, doesn't matter); can authenticate to your application via BASIC authentication. That is a standard protocol, it is application independent. Would you mind posting some of the URLs to the articles you're seeing that seem the most interesting? On 9/14/07, Glen Mazza <[EMAIL PROTECTED]> wrote: > Am Freitag, den 14.09.2007, 08:16 -0700 schrieb Zarar Siddiqi: > > UsernamePasswordAuthenticationToken token = new > > UsernamePasswordAuthenticationToken( > > user.getUsername(), user.getPassword(), user.getAuthorities()); > > // Populate Acegi Security Context > > SecurityContextHolder.getContext().setAuthentication(token); > > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On the client > > > side > > > we need to set the which class handles the security on the Server side! > > > But if > > > I am using some other language for clients like C# it doesn't seem to be > > > the proper way! > > > > You can pass the class name which handles security to the server (crazy > > thought I think!) > > Yes...that does seem strange. I wonder if passing a role instead of a > specific class would be better, and have the business logic of what to > do with that role remain at the server. > > Glen > > > using a header element and then parse it using CXF > > interceptors. > > > > Zarar > > > > >