I don't know :) I just assumed that somewhere must be any wss4j documentation :) I mainly used wss4j source code to check some stuff :) , but maybe try to ask on wss4j mailing list.
On 3/15/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote:
When you say "WSS4J doc" you mean....¿? this?? (http://ws.apache.org/wss4j/axis.html)... On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote: > > Hi > I don't know any example with SSO demonstrated, but as i remember SAML > is supported by WSS4J ( used in xfire-ws-security) so you can check > WSS4J doc for more info. > Some samples of using ACEGI with XFire you can find on Article page : > http://xfire.codehaus.org/Articles > > On 3/14/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote: > > List, > > > > Do you have any examples of a web service (consumer) that uses WS Single > > Sign On mechanism as with SAML to send credentials around? If possible > > (although I don't think this would be much complicated) it uses Acegi > > Security to allow the application a handle to the Subject, thus allowing for > > automatic adding of credentials on outgoing messages from the called web > > service.. > > > > Would be something like this (don't have experience with SAML, so the > > "language" or even the idea might be inaccurate) : > > > > Client Calls a Web Service and authenticates itself. Credentials are sent to > > back to the client and stored (somewhere. Ideally Acegi Security should have > > them around). > > > > Client makes a call to WebService-A. An outHandler automatically gets the > > Subject information (including ticket, or whatever) adds SAML Security > > information to the outgoing message. > > > > WebService-A' s inHandler analyzes the SAML Security Information. Based on > > it, it creates a Subject with all the roles defined. > > > > If WebService-A calls any other web service, the same outhandler as in the > > Client is used to send credentials. > > > > > > I was wondering this because: > > - I do not want passwords going around, not even if they are encrypted > > - I need the Subject's role information and name for business logic > > purposes and auditing. > > - I want a "pluggable" way to do it, so I don't have to code this every > > time I create a web service / client. Just add a jar and configure spring. > > > > Any other feedback, help, pointers, or other ways to do this are, of course, > > more than welcome. > > > > Regards > > Andres B. > > > > > -- > ----- > When one of our products stops working, we'll blame another vendor > within 24 hours. > > --------------------------------------------------------------------- > To unsubscribe from this list please visit: > > http://xircles.codehaus.org/manage_email > >
-- ----- When one of our products stops working, we'll blame another vendor within 24 hours. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
