Hi to all, I've worked a bit around WS-Security with WSS4J implementation. I'm interested in the possibility to integrate the WS-Security with authorisation frameworks like ACEGI Security for Spring.
The problem is: I'd want to use declarative role based authorisation to protect some business services. I could have users authenticating using plain SSL via HTTP, and some other user could use WS-Security to access the same service, through clear HTTP or SMTP, possibly using some other authentication token (UsernamePasswordToken, SAML...). I'd want to create some sort of SecurityProcessingFilter to fill in a valid SecurityContext from the WS-Security headers. There's someone doing something similar? WSS4J (should) support some callback/hook to do that thing? Bye, Davide Romanini
signature.asc
Description: Questa รจ una parte del messaggio firmata digitalmente
