Michael Jacobs
Guest
Perhaps I can assist by providing some information about how the REST service generates a Client-Principal and sends it to an AppServer. From that you may be able to use some more magic and get all the pieces the way you need them.

The first thing to know is that Client-Principals are generated by the REST service's Spring Security framework. When it sees an authenticated user, by virtue of Spring generating a client security token, it does a simple conversion to a Client-Principal object and passes it to the AppServer via the connection's ClientPrincipal property. (The default case, anonymous, generates a security token for user 'anonymous', which is interpreted as no user login and does not generate or send a Client-Principal to the AppServer.)

A Spring Security token can be generated by either SSO (or what I will refer to as SSO) or Direct Login methods. Direct Login means that the Spring Security framework physically authenticates a user-id & password to some source (file, LDAP/AD, OE AppServer, DB, ...). SSO means that an external authentication process that Spring Security is configured to recognize has physically authenticated the user-id/password and has passed the authenticated user-id to Spring Security. Examples of external authentication processes are: Tomcat 'container', Apache/IIS via the AJP13 connector, Rollbase 3.1. The first two would start with using the Spring Security 'container' configuration file.

Hope that helps.