Security managed by the web container of webService client.

anweber — Thu, 15 Feb 2007 12:43:02 GMT

Hello, Is there a way to obtain a solution where the transfer of the user account (userId, password) for the initial connection to the webService layer is managed by the web container of the calling web application? What I try to do is to transmit user credentials from my web application

Re: Security managed by the web container of webService client.

andy — Wed, 21 Feb 2007 18:18:26 GMT

Hi

We have set stuff up with Siteminder and IChains to pick up the user from the "x-user" HTTP header. I have only tested this for the UI authentication, with normal login disabled, and only use with SSL between the front end and the trusting alfresco.

There is no reason why it can not be done for web services.

I am not sure if it is as simple as wiring up the NovellIChainsHTTPRequestAuthenticationFilter for web services, setting the appropriate header with the user info for all web service calls, and then let the filter do the work. I have not tested this.

If authentication is all external, and you secure all the access routes or disable them, you could use the authentication component that allows or denies all users. So in our case you could allow all - then you do not need to know the password. This will work for web service authentication without changing any of the filters.

So if you are all web service you can use the above - if you want to use more then try the filter approach.

Regards

Andy

topic Re: Security managed by the web container of webService client. in Alfresco Archive

Security managed by the web container of webService client.

Re: Security managed by the web container of webService client.