Hi all, I love CXF, but IMHO the ws-security module is not good enough solved. I suspect the responsible is wss4j wich is not too much powerful.
I´m thinking in using the glassfish XWSS (https://xwss.dev.java.net/) in a similar way to Spring Web Services ( http://static.springframework.org/spring-ws/site/). With XWSS you can setting handlers and validators like for instance an Acegi Handler. BR, Juanjo. On 9/21/07, Eric Miles <[EMAIL PROTECTED]> wrote: > > We started some discussion the other day about CXF+Acegi out there the > other day, but hadn't seen anything since. Any discussion after I sent > the source code or my findings with integrating the two? > > On Tue, 2007-09-18 at 11:18 -0400, Eric Miles wrote: > > Actually, here is the code. Attached is the WSS4J callback class and > > the CXF interceptor that uses the Acegi authentication manager for > > authentication. > > > > Pretty simple and straight forward. If you look at the callback > > handler, you can see my comment regarding the WSS4J engine. I do have > > one concern in that this solution might not have worked for a digest UT. > > I'll have to revisit as it has been several months since we first looked > > at it. > > > > However, this is a spring board for any discussions. (Spring pun not > > intended) > > > > Eric > > > > > > On Tue, 2007-09-18 at 08:10 -0700, mattmadhavan wrote: > > > Eric, > > > Do you mind posting a complete example. May be we can have a very > > > constructive discussions based on that. > > > > > > Thanks > > > Matt > > > > > > > > > > > > > > > BigEHokie wrote: > > > > > > > > Dan, > > > > > > > > What sort of solution are you looking for? We are using an > > > > Acegi/Spring/CXF implementation at our company where we are using > > > > WS-Security and Acegi for authentication and AOP/Acegi for > > > > authorization. We could be interested in contributing. > > > > > > > > Thanks, > > > > Eric > > > > > > > > > > > > On Tue, 2007-09-18 at 00:15 +0200, Dan Diephouse wrote: > > > >> And I want somebody to contribute a cleaner solution :-D > > > >> > > > >> I know there is a lot of stuff we could do with Spring > Security/Acegi > > > >> that would be super cool. It'd be a real low barrier way to > contribute > > > >> some stuff if anyone is interested. > > > >> > > > >> Cheers, > > > >> - Dan > > > >> > > > >> mattmadhavan wrote: > > > >> > Hi Ray, > > > >> > No I do not want the client side to tell the server! Thats my > point. > > > >> Some > > > >> > good blogs I have seen, do that! Where the client 'tells' which > handler > > > >> to > > > >> > use! > > > >> > > > > >> > I want a cleaner ACEGI+ XFIRE solution! > > > >> > > > > >> > Thanks > > > >> > Matt > > > >> > > > > >> > > > > >> > > > > >> > Ray Krueger wrote: > > > >> > > > > >> > > You want the client to tell the server how to do security? That > > > >> sounds > > > >> > > crazy :) > > > >> > > > > > >> > > Your client side should either be doing http based security or > > > >> > > ws-security. That doesn't have anything to do with Acegi at > that > > > >> > > point. > > > >> > > > > > >> > > On 9/14/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote: > > > >> > > > > > >> > > > I'm trying to understand what you're saying but am having > > > >> difficulty. But > > > >> > > > here goes: > > > >> > > > > > > >> > > > > > > >> > > > > Can some one point me to some docs on the CXF and ACEGI > > > >> integration > > > >> > > > > or CXF and security like authentication and authorization. > > > >> > > > > > > > >> > > > I use Acegi for authorization purposes only. IMHO it doesn't > really > > > >> make > > > >> > > > sense for authentication (WS-Security can do that). So I use > the > > > >> > > > MethodSecurityInterceptor and BeanNameAutoProxyCreator to > manage > > > >> calls to > > > >> > > > my > > > >> > > > service level methods. The Acegi docs can help you there, > the only > > > >> > > > difference I think is that you have to set the authentication > token > > > >> > > > yourself, e.g.: > > > >> > > > > > > >> > > > UsernamePasswordAuthenticationToken token = new > > > >> > > > UsernamePasswordAuthenticationToken( > > > >> > > > user.getUsername(), user.getPassword(), > user.getAuthorities()); > > > >> > > > // Populate Acegi Security Context > > > >> > > > SecurityContextHolder.getContext().setAuthentication(token); > > > >> > > > > > > >> > > > > > > >> > > > > I found some blogs on the CXF+ACEGI, but it is Java > centric. On > > > >> the > > > >> > > > > > > > >> > > > client > > > >> > > > > > > >> > > > > side > > > >> > > > > we need to set the which class handles the security on the > Server > > > >> side! > > > >> > > > > But if > > > >> > > > > I am using some other language for clients like C# it > doesn't > > > >> seem to > > > >> > > > > > > > >> > > > be > > > >> > > > > > > >> > > > > the proper way! > > > >> > > > > > > > >> > > > You can pass the class name which handles security to the > server > > > >> (crazy > > > >> > > > thought I think!) using a header element and then parse it > using > > > >> CXF > > > >> > > > interceptors. > > > >> > > > > > > >> > > > Zarar > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > mattmadhavan wrote: > > > >> > > > > > > >> > > > > Any Help will be appreciated! > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > mattmadhavan wrote: > > > >> > > > > > > > >> > > > > > Hello, > > > >> > > > > > Can some one point me to some docs on the CXF and ACEGI > > > >> integration or > > > >> > > > > > CXF and security like authentication and authorization. > Some > > > >> sample > > > >> > > > > > > > > >> > > > app > > > >> > > > > > > >> > > > > > will even be great. > > > >> > > > > > > > > >> > > > > > I found some blogs on the CXF+ACEGI, but it is Java > centric. On > > > >> the > > > >> > > > > > client side we need to set the which class handles the > security > > > >> on the > > > >> > > > > > Server side! But if I am using some other language for > clients > > > >> like C# > > > >> > > > > > > > > >> > > > it > > > >> > > > > > > >> > > > > > does n't seem to be the proper way! > > > >> > > > > > > > > >> > > > > > Any ideas will be greatly appreciated. > > > >> > > > > > > > > >> > > > > > Thanks > > > >> > > > > > Matt > > > >> > > > > > > > > >> > > > > > > > > >> > > > -- > > > >> > > > View this message in context: > > > >> > > > http://www.nabble.com/CXF%2BACEGI-tf4436973.html#a12677582 > > > >> > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > >> > > > > >> > > > >> > > > >> -- > > > >> Dan Diephouse > > > >> MuleSource > > > >> http://mulesource.com | http://netzooid.com/blog > > > > > > > > > > > >