Announcement Announcement Module
No announcement yet.
Acegi WPS Web Service Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi WPS Web Service

    Based on a new Web Services Specification which called 'WPS' (nothing reladed to SOAP, it is actually a brand new XML protocol to support Web Service for geospatial), I would like to provide some securities through Acegi.
    I've done the implementation with the SPRING Framework.

    Web Service are usually 'anonymous' through Internet but in some cases, we will need to make sure that some WPS Web Service Operations will be ran by some users identifier by our group but still accessable from the Intenet.

    Here is an example of URL call:

    Case 1)

    NB: The 'service.wps' is my pattern entry point, the 'OperationA' is actually the process to execute with arguments following "?na...".

    In this case, it will execute and give back an response...simple

    Case 2)

    In this case, I want to make sure the URL pattern "service.wps/OperationSecureB" will be authenticated before actually execute the process and the bean associated with. NO LOGIN FORM involved. If the authentication failed, I will send an XML error back to the client. If ok, I will process it and give back a proper message. Our clients will have a Java or .NET Client Connector to access our service that I will read for them.

    My question is: I don't how to implement security around that. By URL filter or by object definitions??? I really need some help.


  • #2
    Probably best if you ask on the Acegi forum. The Acegi integration in Spring-WS is based on WS-Security, which has nothing to do with the scheme you're mentioning.