hi,
i've got a problem with using spring security on a java swing client.
there is a web server providing remote methods using HttpInvokerServiceExporter.
all necessary methods of the service layer on the server side are secured through MethodSecurityInterceptor.
on the other side there is a rich client written with java/swing accessing the exported service.
so here it comes to my problem:
how do i use the authentication object properly when setting it to the security context?
i am successful with getting an authentication object from the server. but what am i supposed to do with it then?
after calling the following within the exported service:
Code:
SecurityContextHolder.getContext().setAuthentication(myAuthObject);
i can access the secured methods through my client. everything seems fine. when i start a second client (on completely another machine) everything is still fine.
but when i close one of the clients (so i remove the authenticationObject from the security context), all other clients are not authenticated anymore too.
Code:
An Authentication object was not found in the SecurityContext
so this brings me to the conclusion, that there is a single security context on the server and if i revoke the auth object, there is no remote method call possible anymore.
if i call
Code:
SecurityContextHolder.getContext().setAuthentication(myAuthObject);
directly in the client code, i immediately get the "no auth object..." exception.
so where should i put the authentication object, so that every client has its own security context without interfering?
i would really appreciate any help. i've tried a lot of things to get this working but without success.
cheers, chris


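An added example (not from the original post or from the Spring project) of the behaviour described above: SecurityContextHolder's default strategy keeps the context per thread, not per client, so an Authentication set during one remote call stays on a reused worker thread until it is cleared, and clearing it affects whoever is served by that thread next. It assumes Spring Security 3 or later package names and TestingAuthenticationToken on the classpath; the single-thread executor, the user names and the helpers onServer, currentUser and secured are hypothetical stand-ins for the server's request thread and the exported service.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Added illustration, not code from the post. Package names assume Spring Security 3+.
public class SharedContextDemo {
    // Assumption: one worker thread models a pooled server thread reused across requests.
    static final ExecutorService worker = Executors.newSingleThreadExecutor();

    // Runs a "remote call" on the server thread and waits for its result.
    static <T> T onServer(Callable<T> call) throws Exception {
        return worker.submit(call).get();
    }

    // What a secured method would find in the context on the current thread.
    static String currentUser() {
        Authentication a = SecurityContextHolder.getContext().getAuthentication();
        return a == null ? "none" : a.getName();
    }

    // Per-request pattern: the caller's Authentication lives only for this one call.
    static String secured(Authentication caller) {
        SecurityContextHolder.getContext().setAuthentication(caller);
        try {
            return currentUser();
        } finally {
            SecurityContextHolder.clearContext(); // never leak to the next request
        }
    }

    public static void main(String[] args) throws Exception {
        Authentication alice = new TestingAuthenticationToken("alice", "pw", "ROLE_USER");
        Authentication bob = new TestingAuthenticationToken("bob", "pw", "ROLE_USER");

        // Symptom: a login-style call from client A leaves state on the server thread.
        onServer(() -> { SecurityContextHolder.getContext().setAuthentication(alice); return null; });
        System.out.println("client B call, before A logs out: " + onServer(SharedContextDemo::currentUser));
        onServer(() -> { SecurityContextHolder.clearContext(); return null; });
        System.out.println("client B call, after A logs out:  " + onServer(SharedContextDemo::currentUser));

        // Per-request handling: each call carries its own identity and cleans up.
        System.out.println("per-request call as bob: " + onServer(() -> secured(bob)));
        System.out.println("next call on same thread: " + onServer(SharedContextDemo::currentUser));
        worker.shutdown();
    }
}
```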
