how can I use Acegi Security with WebLogic?

[ligw]

:?:
My application is spring-based,and the application server is Weblogic,
But can I use Acegi Security with WebLogic? and how to do?
Thanks!

[Ben Alex]

Acegi Security provides its own authorization interfaces and classes. For the authentication side you have a choice of several approaches:

- Container adapters. This leaves your Servlet container to perform authentication via web.xml security constraints. The resulting Principal is available via the HTTP request, which Acegi Security "reads" and then handles authorization.

- Acegi-handled form user authentication. Basically traditional "form" authentication but fully contained within Acegi Security.

- Acegi-handled BASIC authentication. Basically traditional "BASIC" authentication but fully contained within Acegi Security.

- Acegi-handled CAS authentication. Integrates with Yale CAS (a popular open source single sign on system) but fully contained within Acegi Security (apart from the CAS server, which is just a separate webapp).

If you use any of the "Acegi-handled" options for authentication you do not need to worry about which container you are using. We aim for complete container portability. Most people use an "Acegi-handled" option as it's also far more flexible.

If you use "container adapters" for authentication you will need a suitable adapter. We don't have one for WebLogic (only Resin, JBoss, Jetty and Tomcat). There's no reason you wouldn't be able to write a WebLogic adapter, though.

We recommend you use an "Acegi-handled" option to enjoy container portability and more widely used, supported and maintained code.

[yplakosh]

I have Basic Authentication issue in my application when it was installed into WebLogic 9.2.
But I have found the solution: How to fix Basic Authentication issue on WebLogic 9.2/10.0/10.3 when using Acegi/Spring Security

[honeybunny]

I have a Swing app using HttpClient + HttpInvoker to access web services. Currently I use X509 authentication, but wanted to add username/password authentication to make my application easier to deploy (not everyone is capable of interacting with a CA). The spring security tutorial showed this nice example of HTTP BASIC/TLS which worked for non-browser client applications (as well as browsers), OK great! i'll use that.

Then I ran in to the issue mentioned above (on Weblogic) - its almost as if weblogic is trying to break spring security.

Q: Is there a simple, portable mechanism by which a standalone Java app can authenticate to spring security? If I use DIGEST/TLS, will weblogic still try to intercept it?
Q: Form Auth/TLS seems pretty portable, is there some way to use form based authentication from HttpInvokerService + HttpClient?