I'm trying to use Xfire with Jboss and so far so good. I'm having a
hard time understanding the best way to plug our webservices into jboss
securely. I would like to use WS-Security, and for now, just the
UsernameToken and PasswordToken methodology. I'd also like the actual
authentication to be performed by the Jboss container -- perhaps using a
Jboss login module. Has anyone successfully done this? I'm familiar
with this page:
*
http://xfire.codehaus.org/WS-Security*
This page describes the use of the
org.codehaus.xfire.security.wss4j.WSS4JInHandler handler and the
passwordCallback, but ultimately, I would like to use the same login
modules for both standard webapplications as well as web service
applications. Is this even possible?
A follow on question is whether or not I even need to use the Jboss
container security at all. My understanding is that I get a bunch of
benefit if I do, including a credential cache, single sign on across the
container etc. Thanks in advance.
Paul Truax
-----------------------------------------
The information contained in this e-mail message is intended only
for the personal and confidential use of the recipient(s) named
above. This message may be an attorney-client communication and/or
work product and as such is privileged and confidential. If the
reader of this message is not the intended recipient or an agent
responsible for delivering it to the intended recipient, you are
hereby notified that you have received this document in error and
that any review, dissemination, distribution, or copying of this
message is strictly prohibited. If you have received this
communication in error, please notify us immediately by e-mail, and
delete the original message.
