You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by Davide Romanini <d....@cineca.it> on 2006/06/15 15:05:01 UTC

WS-Security and authentication/authorisation frameworks

Hi to all,

I've worked a bit around WS-Security with WSS4J implementation. I'm
interested in the possibility to integrate the WS-Security with
authorisation frameworks like ACEGI Security for Spring.

The problem is: I'd want to use declarative role based authorisation to
protect some business services. I could have users authenticating using
plain SSL via HTTP, and some other user could use WS-Security to access
the same service, through clear HTTP or SMTP, possibly using some other
authentication token (UsernamePasswordToken, SAML...).

I'd want to create some sort of SecurityProcessingFilter to fill in a
valid SecurityContext from the WS-Security headers. There's someone
doing something similar? WSS4J (should) support some callback/hook to do
that thing?

Bye,
Davide Romanini