AnsweredAssumed Answered

Security managed by the web container of webService client.

Question asked by anweber on Feb 15, 2007
Latest reply on Feb 21, 2007 by andy

       Is there a way to obtain a solution where the transfer of the user account (userId, password) for the initial connection to the webService layer is managed by the web container of the calling web application?

       What I try to do is to transmit user credentials from my web application to a webService of Alfresco.  I will try to be more precise.  I have to fournish a web application (in fact it's a portal application in WebLogic Portal) communicating with Alfresco through the webServices layer.  The first call to this layer, will be a connection  : some thing like authenticationService.connect(user, password) and it returns a ticket.  I want to use the account of the current user of my web application.  Of course, I can ask the name of the current user to my web container but I can't obtain his password.  My feeling is that it should be managed by the webContainer. But it is possible?  Is the way Alfresco use WSSE during the connection stage standard enough?

          Many thanks for your help,