原文url:http://axixmiqui.wordpress.com/2008/03/11/adventures-in-grails-ws-security-part-2/
Integrating acegi
It turned out that initial integration of acegi with xfire + WSS was
even easier than hooking up WSS for xfire in Grails. Though I can’t
claim much original work here. In his blog Propagating Acegi’s Security Context in a WSS
UsernameToken SOAP Header via XFire using wss4j Michael Vorbuger
provides everything necessary to get it working.
To get it running I added the three classes from Michael’s code acegi-ws-security-xfire-example
to the appropriate packages in src/java/ in my Grails app.
ch.vorburger.acegiwss.server.PasswordHandler
ch.vorburger.acegiwss.server.ForgivingWSS4jInHandler
ch.vorburger.acegiwss.server.ValidateUserTokenHandler
and changed the inhandlers to use these classes in XfireGrailsPlugin.groovy
.
"xfire.passHandler"(ch.vorburger.acegiwss.server.PasswordHandler) { bean ->
}
"xfire.DOMhandler"(org.codehaus.xfire.util.dom.DOMInHandler) { bean ->
}
"xfire.WSS4JHandler"(ch.vorburger.acegiwss.server.ForgivingWSS4jInHandler) {
properties = ["passwordCallbackRef":ref("xfire.passHandler"),
"action":"UsernameToken"]
}
"xfire.ValidateUserTokenHandler"(ch.vorburger.acegiwss.server.ValidateUserTokenHandler) {}
That makes the SecurityContext avaliable in the service. To see it
work I paraphrased Michael’s example in the test service.
import org.acegisecurity.Authentication
import org.acegisecurity.context.SecurityContextHolder
class TestService {
static expose=['xfire']
boolean transactional = true
String serviceMethod() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth == null || auth.getName() == null || auth.getName().length() == 0) {
// In a real service, this would be a proper SOAP Fault, NOT an IllegalArgumentException
throw new IllegalArgumentException(NOAUTH_FAULT_TEXT);
}
return "You did it ${auth.getName()}!!!"
}
}
Thats it!
分享到:
相关推荐
adventures-in-ml-code, 这个存储库保存了站点http的所有代码 adventures-in-ml-code这个存储库保存了站点 http://www.adventuresinmachinelearning.com的所有代码。这是 neural_network_tutorial.py 开发的代码,它
Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor
《藏经阁-Adventures-In-Attacking-Wind-Farm-Control-Networks.pdf》这篇文档探讨的主题聚焦在风力发电场控制网络的安全性上,由杰森·斯塔格斯博士,一位专注于控制系统和网络安全的研究员所撰写。他在文中提到了...
在信息技术领域,随着移动通信技术的不断进步,3G和4G网络用户的安全问题受到了广泛关注。Borgaonkar等研究者在他们的作品中详细探讨了针对3G和4G用户的隐私攻击手段,特别是如何定位、追踪和监控用户。...
《藏经阁-The-Adventures-Of-Av-And-The-Leaky-Sandbox.pdf》这份文档探讨了安全领域的一个重要话题:云杀毒软件(AV)如何可能削弱企业端点的安全性。文章由Itzik Kotler和Amit Klein两位安全研究专家撰写,他们...
This book is written for anybody who is ...about how people, animals, things, images and empty space move leads to many adventures. This volume presents the best of them in the domain of everyday motion.
九上牛津版 Unit 7 The Adventures of Tom Sawyer 同步练习及答案 本资源是《九上牛津版》英语教材Unit 7-The Adventures of Tom Sawyer的同步练习及答案,旨在帮助九年级学生巩固英语基础知识和提高语言能力。该...
Sidney的经典教材Adventures in Stochastic Processes,适合有很强数学或概率基础的人学习
TextBook : Adventures Stochastic Processes by Resnick
《Extreme Programming Adventures in C#》一书由Ron Jeffries撰写,是C#设计模式领域的一部佳作,对于深入理解极限编程(Extreme Programming,简称XP)具有重要价值。该书通过一系列的故事和实践,展示了如何在...
本项目"Adventures-Of-Hunter-Game"显然是一个利用 JavaScript 编程语言和 MatterJS 库创建的互动游戏。MatterJS 是一个开源的物理引擎,专为构建2D游戏和交互式应用而设计,它提供了丰富的物理模拟功能,如碰撞检测...
《Adventures in Minecraft》是一本由Martin O'Hanlon和David Whale共同撰写的书籍,首次出版于2015年,由John Wiley and Sons出版社发行。本书旨在帮助读者通过实践性的项目探索和学习Minecraft中的编程和技术应用...
adventures-in-managing-short-lived-systems.pdf', 'cxo-f02_securing-innovation-shifting-the-conversation-from-fear-to-possibility.pdf', 'cxo-f03-business-executive-fundamentals-how-to-beat-the-mbas-at-...
不过,根据标题和描述,我们可以生成一些与《Adventures in Stochastic Processes》这本书相关的知识点。 《Adventures in Stochastic Processes》是由Sidney Resnick所著的一本关于随机过程的书籍。随机过程是...
本项目“Adventures-Tours-and-Vacations”显然关注的是构建一个专注于冒险旅行的网站,旨在吸引那些寻求刺激、热爱探索的旅行者。这个项目可能涉及的内容广泛,包括界面设计、用户体验(UX)、响应式布局、以及与...
The Hardware Hacker Adventures in Making and Breaking Hardware 英文azw3 本资源转载自网络,如有侵权,请联系上传者或csdn删除 本资源转载自网络,如有侵权,请联系上传者或csdn删除
经典英文数学教材 数学专业研究生用书 南开大学数学院 随机过程课程教材之一