Ok, I see your point.
gnodet wrote: > > The main problem is that the jsr181 component has not been > designed to receive soap envelopes. The soap protocol should > be handled by the BC. The main reason is that from a JBI point > of view, soap is considered as a protocol, and all protocols should > be handled by BCs. > > ServiceMix uses JACC for authentication and while we do not > have any LDAP login module, it should be easy to adapt the > Geronimo ones on ServiceMix. > > > > Seguy wrote: >> >> Hello, >> I wasn't aware that someone was working in this issue. >> I have done a slight modification of the Jsr181Endpoint( not http >> endpoint)... >> only a new attribute to be able of manage a list of security handlers and >> then >> the descriptor looks like the following code (inside >>> <<<). >> Seems that works ok to manage a user token, but I haven't test yet the >> encryption >> and signature of the envelope. >> >> With this approximation you can sign and encrypt the envelope with your >> response, >> not only decrypt and verify the request envelope. >> In this way you also can write your customized handler for the user >> token, >> say for example writing your own code to validate the user against a ldap >> server. >> >> What you think of this way to achieve WSS4J support ? >> >>>>> >> <jsr181:endpoint >> pojoClass="org.codehaus.xfire.demo.BookService" annotations="none" >> service="demo:simple-service" >> endpoint="simple-service"> >> >> <jsr181:inHandlers> >> <secure:handler >> handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" /> >> <bean >> class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns=""> >> <property name="properties"> >> <props> >> <prop key="action">UsernameToken</prop> >> <prop >> key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop> >> </props> >> </property> >> </bean> >> <secure:handler >> handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" /> >> </jsr181:inHandlers> >> >> </jsr181:endpoint> >> </beans> >> <<< >> >> > > -- View this message in context: http://www.nabble.com/about-security-question-tf2478893.html#a6950838 Sent from the ServiceMix - User mailing list archive at Nabble.com.
