
Security managed by the web container of webService client.

anweber
Champ in-the-making
Hello,

Is there a way to obtain a solution where the transfer of the user account (userId, password) for the initial connection to the webService layer is managed by the web container of the calling web application?

What I am trying to do is transmit user credentials from my web application to an Alfresco webService. I will try to be more precise. I have to furnish a web application (in fact it's a portal application in WebLogic Portal) communicating with Alfresco through the webServices layer. The first call to this layer will be a connection: something like authenticationService.connect(user, password), and it returns a ticket. I want to use the account of the current user of my web application. Of course, I can ask my web container for the name of the current user, but I can't obtain his password. My feeling is that it should be managed by the webContainer. But is it possible? Is the way Alfresco uses WSSE during the connection stage standard enough?

Many thanks for your help,

Andre
1 REPLY

andy
Champ on-the-rise
Hi

We have set stuff up with Siteminder and IChains to pick up the user from the "x-user" HTTP header. I have only tested this for the UI authentication, with normal login disabled, and only used it with SSL between the front end and the trusting Alfresco.

There is no reason why it cannot be done for web services.

I am not sure if it is as simple as wiring up the NovellIChainsHTTPRequestAuthenticationFilter for web services, setting the appropriate header with the user info for all web service calls, and then let the filter do the work. I have not tested this.

If authentication is all external, and you secure all the access routes or disable them, you could use the authentication component that allows or denies all users. So in our case you could allow all - then you do not need to know the password. This will work for web service authentication without changing any of the filters.

So if you are all web service you can use the above - if you want to use more then try the filter approach.

Regards

Andy
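
Added example, not part of either post and not Alfresco code: a plain servlet filter sketching the header-trust approach from the reply, where the "x-user" header is honoured only when the request arrives over SSL from the trusted front end. The `trustedProxies` init-param, the `preauth.user` attribute and the address allow-list are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Accepts the "x-user" header only from the trusted front end, over SSL.
public class TrustedHeaderFilter implements Filter {
    private static final String USER_HEADER = "x-user";   // header named in the thread
    static final String USER_ATTRIBUTE = "preauth.user";  // hypothetical attribute name
    private final Set<String> trustedProxies = new HashSet<String>();

    public void init(FilterConfig config) throws ServletException {
        // Hypothetical init-param: comma-separated front-end addresses.
        String param = config.getInitParameter("trustedProxies");
        if (param == null || param.trim().isEmpty()) {
            throw new ServletException("trustedProxies must be configured");
        }
        for (String addr : param.split(",")) {
            trustedProxies.add(addr.trim());
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        boolean fromFrontEnd = request.isSecure()
                && trustedProxies.contains(request.getRemoteAddr());
        String user = request.getHeader(USER_HEADER);

        if (!fromFrontEnd) {
            // A direct caller could set x-user to any name, so it is never honoured here.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (user == null || user.trim().isEmpty()) {
            // The front end did not authenticate anyone for this request.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Hand the pre-authenticated name to whatever runs later in the chain.
        request.setAttribute(USER_ATTRIBUTE, user.trim());
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```

The filter has to be mapped to every URL that reaches the web service layer; any route left unmapped still accepts callers that bypass the front end.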