Dec 4th, 2007, 02:50 AM
Getting started with Acegi and SOAP
So, I'm new to Acegi, and am looking into using it as a security framework for an application I am helping to develop. I worked through some of the tutorials and have ported a lot of the tutorial code into the app, where it seems to be working just fine.
Unfortunately, one of the big parts of the application is exchanging requests between a web services server and a status server via SOAP. Basically, the idea would be to authenticate on the WS server, which is where Acegi is working right now, and then somehow let the status server know that the request was from an authenticated user (and who that user is) when sending the SOAP request to the status server. I have been looking, but I have not been able to find much about Acegi and SOAP.
Can anyone point me to something that talks about how to do this, or walk me through what kind of setup would be required? I assume certain things need to be added to both the server authenticating the users and the server receiving the SOAP requests.
I can provide the Acegi-related code that I have on the web services server in the morning, when I'm actually back at work, but it's basically just very slight modifications on the tutorial (with the 'secure page' and 'very secure page'), and there's no Acegi-related code on the status server.
Thanks in advance. Anything that can help me get started on this is very much appreciated.
Dec 11th, 2007, 02:27 PM
A couple more things, since there was no response to the first post.
The basic structure that my boss talked to me about is as follows:
Get the username/password combo on the web access server, and pass it to the status server, which will then query the database as to its validity. Can this be done with the AcegiPlainTextPasswordValidationCallbackHandler mentioned in the Spring-WS documentation? Is there anything that does a better job describing how to use this?
We then want to return the authentication object back to the web access server through the SOAP framework so that it can be passed back and forth on future requests to the status server. Is there a good method available for passing the authentication token back and forth using SOAP?