Navigation
User login
WS-Security w/ JSecurity?
I'm interested in using JSecurity for a project. It looks like it will work great for securing our application, but I was wondering if anyone is using it to authenticate Web Services. I'm using Apache CXF to handle the Web Service requests, and CXF in turn uses Apache WSS4J by default, I believe. Can I use JSecurity with CXF or WSS4J? Would the Web Service requester be treated like any other user in the system once authenticated? Would I be able to authenticate with X.509 Certificates? I'm assuming the UsernameToken authentication method in WS-Security would work well with JSecurity, but I am not sure about the X.509 certificates.
Here's a link to the CXF security overview: http://cwiki.apache.org/CXF20DOC/ws-security.html
I appreciate the help!
Thanks,
David
To append to that, Yes, if
To append to that,
Yes, if you could integrate the two, the web service user would be treated like any other user. JSecurity is client-agnostic and architecturally separated from remoting and protocol mechanisms.
If you try to integrate the two, please keep us posted. We'll help as much as we can along the way, answering questions, etc. Also, feel free to join the jsecurity-user list where you'll receive lots of support.
Thanks!
Les
Re: WS-Security w/ JSecurity?
Hi David,
We don't have any native support for WS-* specifications at the moment, but they are near and dear to our hearts - we want to provide support for this as soon as we're able.
Because JSecurity is client and container-agnostic, it can be easily deployed in a web-services environment, but with manual configuration. For example, I've set up JSecurity in a web-services remoting environment, but I did so in Spring, using Spring bean configuration and their remoting proxy mechanisms.
X.509 is slated for 1.0, out later this year (a date has not been set yet).
If you want to give suggestions or just want to help out, by all means, please do so!
Cheers,
Les