In a scenario with spring-ws, we need to verify that a given user is allowed
access to the service:
* The username/password-combination must be valid, according to the current
realm
* The user (principal) must be member of a given group
("ws-authorized-users")
We don't want to "log in", with sessions and other housekeeping, but just
verify that the credentials are valid and that the user has the required
group membership.
-> What is the best way to achieve this?
Coming from the weblogic side of things, this is pretty easy to achive:
* First, set up a login service in login.conf: "wsLoginService {
weblogic.security.auth.login.UsernamePasswordLoginModule required; }"
* Then, use JAAS to set up a LoginContext to the module, use context.login()
to validate username/password and context.getSubject().getPrincipals() for
the list of groups
The weblogic UsernamePasswordLoginModule delegates to the default realm, and
handles all the minute details for us. It's quite sweet, actually, but I
can't seem to find anything similar in glassfish?!
Eirik
--
[Message sent by forum member 'elygre']
View Post: http://forums.java.net/node/879615