Dan, What sort of solution are you looking for? We are using an Acegi/Spring/CXF implementation at our company where we are using WS-Security and Acegi for authentication and AOP/Acegi for authorization. We could be interested in contributing.
Thanks, Eric On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: > And I want somebody to contribute a cleaner solution :-D > > I know there is a lot of stuff we could do with Spring Security/Acegi > that would be super cool. It'd be a real low barrier way to contribute > some stuff if anyone is interested. > > Cheers, > - Dan > > mattmadhavan wrote: > > Hi Ray, > > No I do not want the client side to tell the server! Thats my point. Some > > good blogs I have seen, do that! Where the client 'tells' which handler to > > use! > > > > I want a cleaner ACEGI+ XFIRE solution! > > > > Thanks > > Matt > > > > > > > > Ray Krueger wrote: > > > > > You want the client to tell the server how to do security? That sounds > > > crazy :) > > > > > > Your client side should either be doing http based security or > > > ws-security. That doesn't have anything to do with Acegi at that > > > point. > > > > > > On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: > > > > > > > I'm trying to understand what you're saying but am having difficulty. > > > > But > > > > here goes: > > > > > > > > > > > > > Can some one point me to some docs on the CXF and ACEGI integration > > > > > or CXF and security like authentication and authorization. > > > > > > > > > I use Acegi for authorization purposes only. IMHO it doesn't really make > > > > sense for authentication (WS-Security can do that). So I use the > > > > MethodSecurityInterceptor and BeanNameAutoProxyCreator to manage calls > > > > to > > > > my > > > > service level methods. The Acegi docs can help you there, the only > > > > difference I think is that you have to set the authentication token > > > > yourself, e.g.: > > > > > > > > UsernamePasswordAuthenticationToken token = new > > > > UsernamePasswordAuthenticationToken( > > > > user.getUsername(), user.getPassword(), user.getAuthorities()); > > > > // Populate Acegi Security Context > > > > SecurityContextHolder.getContext().setAuthentication(token); > > > > > > > > > > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On the > > > > > > > > > client > > > > > > > > > side > > > > > we need to set the which class handles the security on the Server > > > > > side! > > > > > But if > > > > > I am using some other language for clients like C# it doesn't seem to > > > > > > > > > be > > > > > > > > > the proper way! > > > > > > > > > You can pass the class name which handles security to the server (crazy > > > > thought I think!) using a header element and then parse it using CXF > > > > interceptors. > > > > > > > > Zarar > > > > > > > > > > > > > > > > > > > > mattmadhavan wrote: > > > > > > > > > Any Help will be appreciated! > > > > > > > > > > > > > > > > > > > > mattmadhavan wrote: > > > > > > > > > > > Hello, > > > > > > Can some one point me to some docs on the CXF and ACEGI integration > > > > > > or > > > > > > CXF and security like authentication and authorization. Some sample > > > > > > > > > > app > > > > > > > > > > will even be great. > > > > > > > > > > > > I found some blogs on the CXF+ACEGI, but it is Java centric. On the > > > > > > client side we need to set the which class handles the security on > > > > > > the > > > > > > Server side! But if I am using some other language for clients like > > > > > > C# > > > > > > > > > > it > > > > > > > > > > does n't seem to be the proper way! > > > > > > > > > > > > Any ideas will be greatly appreciated. > > > > > > > > > > > > Thanks > > > > > > Matt > > > > > > > > > > > > > > > > -- > > > > View this message in context: > > > > http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 > > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > > > > > > > > > > > > > > -- > Dan Diephouse > MuleSource > http://mulesource.com | http://netzooid.com/blog
