Skip to content

XAware Community

Get the Flash Player to see this player.
Flash Image Rotator Module by Joomlashack.
XAware 5.6
Need Help
Webinars and Events
Advanced Tutorials
Webinars and Events

You are here: Home arrow Blogs

securityLDAPjaashttpauthorizationauthenticationaccess control 18 Apr 2008 6:14 AM
avatar
Securing XAware Services by kvandersluis

XAware uses Spring Security (formerly called the Acegi project) to control access to XAware-based services invoked over HTTP.

 

XAware's security model includes authentication and access control. A user is authenticated with a user name and password, and is allowed to operate in one or more roles, as specified by the security configuration. The BizView files implementing a service (BizDocuments, BizComponents, and BizDrivers) each can have a "required role" assignment. Roles are assigned to a BizView file at packaging time, or via the JMX management console. At run-time, when security is enabled, access to a BizView file is allowed only if the user has a role allowed by the BizView file.

 

The security configuration in the delivered product configures Spring Security to use HTTP Basic authentication with a simple file-based user/role definition file. Spring Security is very flexible, however, and can be configured to use HTTP Digest or certificate-based authentication with database, LDAP, single sign-on modules, JAAS, and many other authentication mechanisms. See the Spring Security site for details on how to do this.

 

For more information on configuring XAware security, see the wiki article on how to enable security .



Trackback(0)
Comments (0)add comment

Write comment
You must be logged in to a comment. Please register if you do not have an account yet.

busy

Get the Flash Player to see this player.
Flash Image Rotator Module by Joomlashack.
Commercial
Free Training
QuickStart Packages
Image 4 Title
Image 5 Title

Polls

Which data source and BizComponent combinations do you most frequently use?
 

Blogs

Recent Entries

Visit XAware.com