great :)
On 3/15/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote:
Ok I will... Will try to make something generic, if the time permits, so we
have something reusable.
Let you know how it comes around.
On 3/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> I don't know :) I just assumed that somewhere must be any wss4j
documentation :)
> I mainly used wss4j source code to check some stuff :) , but maybe try
> to ask on wss4j mailing list.
>
>
> On 3/15/07, Andres Bernasconi <[EMAIL PROTECTED] > wrote:
> > When you say "WSS4J doc" you mean....¿? this??
> > (http://ws.apache.org/wss4j/axis.html)...
> >
> >
> > On 3/15/07, Tomek Sztelak < [EMAIL PROTECTED]> wrote:
> > >
> > > Hi
> > > I don't know any example with SSO demonstrated, but as i remember SAML
> > > is supported by WSS4J ( used in xfire-ws-security) so you can check
> > > WSS4J doc for more info.
> > > Some samples of using ACEGI with XFire you can find on Article page :
> > > http://xfire.codehaus.org/Articles
> > >
> > > On 3/14/07, Andres Bernasconi <[EMAIL PROTECTED]> wrote:
> > > > List,
> > > >
> > > > Do you have any examples of a web service (consumer) that uses WS
Single
> > > > Sign On mechanism as with SAML to send credentials around? If
possible
> > > > (although I don't think this would be much complicated) it uses
Acegi
> > > > Security to allow the application a handle to the Subject, thus
allowing
> > for
> > > > automatic adding of credentials on outgoing messages from the called
web
> > > > service..
> > > >
> > > > Would be something like this (don't have experience with SAML, so
the
> > > > "language" or even the idea might be inaccurate) :
> > > >
> > > > Client Calls a Web Service and authenticates itself. Credentials are
> > sent to
> > > > back to the client and stored (somewhere. Ideally Acegi Security
should
> > have
> > > > them around).
> > > >
> > > > Client makes a call to WebService-A. An outHandler automatically
gets
> > the
> > > > Subject information (including ticket, or whatever) adds SAML
Security
> > > > information to the outgoing message.
> > > >
> > > > WebService-A' s inHandler analyzes the SAML Security Information.
Based
> > on
> > > > it, it creates a Subject with all the roles defined.
> > > >
> > > > If WebService-A calls any other web service, the same outhandler as
in
> > the
> > > > Client is used to send credentials.
> > > >
> > > >
> > > > I was wondering this because:
> > > > - I do not want passwords going around, not even if they are
> > encrypted
> > > > - I need the Subject's role information and name for business
logic
> > > > purposes and auditing.
> > > > - I want a "pluggable" way to do it, so I don't have to code this
> > every
> > > > time I create a web service / client. Just add a jar and configure
> > spring.
> > > >
> > > > Any other feedback, help, pointers, or other ways to do this are, of
> > course,
> > > > more than welcome.
> > > >
> > > > Regards
> > > > Andres B.
> > > >
> > >
> > >
> > > --
> > > -----
> > > When one of our products stops working, we'll blame another vendor
> > > within 24 hours.
> > >
> > >
> >
---------------------------------------------------------------------
> > > To unsubscribe from this list please visit:
> > >
> > > http://xircles.codehaus.org/manage_email
> > >
> > >
> >
> >
>
>
> --
> -----
> When one of our products stops working, we'll blame another vendor
> within 24 hours.
>
>
---------------------------------------------------------------------
> To unsubscribe from this list please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
--
-----
When one of our products stops working, we'll blame another vendor
within 24 hours.
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
