Setting up ACEGI for interapp communication using HTTP invoker?

  • Setting up ACEGI for interapp communication using HTTP invoker?

    I have 2 applications that need to communicate. I'm (successfully) using HttpInvoker for RMI communication between the applications. These are both web applications, each residing on a different server in the same local network.

    Recently I've locked down one of the applications using ACEGI security. Unfortunately, when I try to lock down the remote paths for HTTP invoker access, the 2nd application can no longer make remote calls. This is by design, I understand, but the problem is that I don't know how to configure the second app to grant it access to the first. The second application does not use ACEGI for security itself, but can of course have access to the ACEGI jar as necessary.

    Unfortunately, neither the remoting instructions for Spring nor the ACEGI documentation are particularly clear on how to deal with this scenario. Note that this is not like an RCP client; in this case, the client is a managed application, and as such can be configured with some kind of "RunAs" token if necessary.

    Where can I go to find the right information on how to proceed? If I could get a clear picture of exactly what steps were necessary to allow remote authentication, it would be helpful, but everything is scattered amongst various posts, blogs, and other incomplete sources of documentation.

    Here's where things stand so far:
    1. Client app has standard http invokers set up for services:

        <!-- Data List Service -->
        <bean id="listService" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
            <property name="serviceUrl" value="${remote.baseUrl}/secure/listService"/>
            <property name="serviceInterface" value="com.test.datalists.IDataListService"/>
        </bean>

    2. Server app has /remoting/secure/** locked down.
    3. Server is using these filters:

        /**=httpBasicProcessingFilter,httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityEnforcementFilter

    4. Normal authentication works.
    5. Server has a remote authentication manager configured:

        <bean id="remoteAuthenticationManager" class="org.acegisecurity.providers.rcp.RemoteAuthenticationManagerImpl">
            <property name="authenticationManager" ref="authenticationManager"/>
        </bean>
        <bean id="remoteAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
            <property name="userDetailsService">
                <bean id="remoteUserDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
                    <property name="userMap">
                        <value>remote=remote_auth,ROLE_REMOTE</value>
                    </property>
                </bean>
            </property>
        </bean>

    6. Server has remote authentication manager exposed:

        <!-- Remote authorization service -->
        <bean name="/remoteAuthenticationManager" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
            <property name="service" ref="remoteAuthenticationManager"/>
            <property name="serviceInterface" value="org.acegisecurity.providers.rcp.RemoteAuthenticationManager"/>
        </bean>

    Note that this service is not locked down by security.

    After that, I'm lost.

    Thanks,

    Drew
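
One way the calling application could attach a service account to its HTTP invoker requests, relying on the `httpBasicProcessingFilter` the server already runs in front of the locked-down paths. This is an added example, not part of the original post or of either application's code; `RemoteServiceClient`, `proxyFor` and `callAs` are hypothetical names, and the username and password are assumed to be supplied from the client's own configuration.

```java
import java.util.concurrent.Callable;

import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean;

/** Hypothetical client-side helper; class and method names are not from the post. */
public final class RemoteServiceClient {

    private final String username;
    private final String password;

    public RemoteServiceClient(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /** Builds an HTTP invoker proxy whose requests carry a BASIC Authorization header. */
    @SuppressWarnings("unchecked")
    public <T> T proxyFor(String serviceUrl, Class<T> serviceInterface) {
        HttpInvokerProxyFactoryBean factory = new HttpInvokerProxyFactoryBean();
        factory.setServiceUrl(serviceUrl);
        factory.setServiceInterface(serviceInterface);
        // Acegi's executor copies the name and credentials of the calling thread's
        // Authentication into the header; with no Authentication it sends none.
        factory.setHttpInvokerRequestExecutor(
                new AuthenticationSimpleHttpInvokerRequestExecutor());
        factory.afterPropertiesSet();
        return (T) factory.getObject();
    }

    /** Runs one remote call with the service account bound to the calling thread. */
    public <R> R callAs(Callable<R> remoteCall) throws Exception {
        // SecurityContextHolder is thread-local by default, so bind the account on the
        // calling thread and clear it afterwards: container threads are pooled and
        // reused. Assumes the client keeps no other Authentication on this thread.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(username, password));
        try {
            return remoteCall.call();
        } finally {
            SecurityContextHolder.clearContext();
        }
    }
}
```

BASIC credentials are only base64-encoded on the wire, so the service URL should be HTTPS wherever the network between the two servers is not fully trusted.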