Hi Ronak,
I cannot really comment on the OpenSSO aspects. If your iPhone App is
incorrect it may not be an issue on the server side?
From the Jersey perspective you can certainly override the default
SecurityContext. But from what you say my gut feeling is that may not
help. Perhaps you could try logging the client requests and server
responses?
Paul.
On Oct 14, 2009, at 1:10 AM, Ronak Patel wrote:
> Paul,
>
> What I'm seeing is that OpenSSO sets the Tomcat security principal
> properly when I hit my JAX-RS Jersey app from a browser window.
>
> It's when I hit my webapp from my iPhone App using OpenSSO's
> identity services that I'm having a problem.
>
> OpenSSO has a security agent that is injected into the loop by a
> servlet filter but it doesn't seem to be able to generate this
> principal.
>
> That leads me to believe that my iPhone App code is incorrect and
> not setting the appropriate cookies.
>
> However, I did see that OpenSSO has an openssoclientsdk that you can
> use to parse out the http headers and obtain a security principal.
>
> So, I was thinking that if I can inject my own @SecurityContext
> implementation using this openssoclientsdk maybe I can get that to
> work. However, I think the Agent would be using this same mechanism
> to generate the principal and if it didn't work there...why should
> it work when I use it?
>
> Ronak
>
> From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
> To: users_at_jersey.dev.java.net
> Sent: Tue, October 13, 2009 2:36:07 AM
> Subject: Re: [Jersey] OpenSSO Integration
>
> Hi Ronak,
>
> I do not have any experience with OpenSSO. We need some OpenSSO
> experts to respond (there are some listening :-) ).
>
> When you say "not always setting the principal in the container" can
> you provide more information describing the conditions when it does
> and does not work?
>
> Note that Jersey obtains the security information, like the
> Principal, from the HttpServletRequest instance. So it might be that
> OpenSSO does not have appropriate integration with Tomcat's security
> layer.
>
> Paul.
>
> On Oct 12, 2009, at 9:03 PM, Ronak Patel wrote:
>
> > All,
> >
> > I've been trying to get OpenSSO integrated with JAX-RS Jersey and
> > I'm having a problem with it that I'm wondering if someone else may
> > also have had.
> >
> > I have an OpenSSO Agent set up in front of my Jersey applications
> > to authenticate and authorize with OpenSSO on Tomcat 6.
> >
> > The weird thing I'm seeing is that OpenSSO is not always setting
> > the principal in the container.
> >
> > I was wondering if it would be required to implement my own
> > concrete class for the SecurityContext which parses the http headers
> > and pulls the Principal from OpenSSO using the OpenSSOclientsdk.
> >
> > Has anyone ever encountered this?
> >
> > Thanks!
> >
> > Ronak
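
Overriding the default SecurityContext, as mentioned in the reply above, can be done in Jersey 1.x with a request filter. The following is an added example, not code from this thread or from either project; `SsoSecurityContextFilter`, `TokenValidator`, the cookie name parameter and the `"SSO_TOKEN"` scheme string are hypothetical names, and the validator is assumed to be backed by the SSO client SDK's server-side token validation.

```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import java.security.Principal;

/** Installs a SecurityContext whose principal comes from a validated SSO token. */
public class SsoSecurityContextFilter implements ContainerRequestFilter {

    /** Hypothetical seam: implement this with the SSO client SDK's validation call. */
    public interface TokenValidator {
        /** Returns the principal, or null if the token is expired or invalid. */
        Principal validate(String tokenValue);
    }

    private final String cookieName;      // assumption: the deployment's SSO cookie name
    private final TokenValidator validator;

    public SsoSecurityContextFilter(String cookieName, TokenValidator validator) {
        this.cookieName = cookieName;
        this.validator = validator;
    }

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        Cookie cookie = request.getCookies().get(cookieName);
        // The principal must come from validating the token against the SSO
        // server, never from a user name or header the client supplies itself.
        final Principal principal =
                (cookie == null) ? null : validator.validate(cookie.getValue());
        if (principal == null) {
            // Fail closed: a missing or invalid token never reaches a resource.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        final boolean secure = request.isSecure();
        request.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() { return principal; }
            // No role mapping here, so role checks are denied by default.
            public boolean isUserInRole(String role) { return false; }
            public boolean isSecure() { return secure; }
            public String getAuthenticationScheme() { return "SSO_TOKEN"; }
        });
        return request;
    }
}
```

If the client never sends the session cookie, this filter returns 401 on every call, which makes a client-side cookie problem visible in the request and response logs.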