The security-facade package implements a single-sign-on (SSO) authentication system between SOAP clients and SOAP services. Messages sent with the aid of this package are annotated with SSO credentials in the SOAP headers. Messages received by services using this package are authenticated using the credentials in the message.
The facade hides details of the authentication from the client and service code. Clients use a helper class, ClientSecurityGuard, to set up SSO credentials and to configure service proxies to use the credentials. Services use a matching helper class, ServiceSecurityGuard, to determine the results of authentication and to extract credentials after successful authentication. Encoding of credentials to SOAP, parsing of credentials from SOAP and validation of credentials at authentication are all done automatically on exchange of messages by JAX-RPC handlers.
The implementation behind the facade may use an external service to issue and validate SSO credentials. The current implementation uses the AstroGrid Community service, and the SSO credentials are NonceTokens.
This package ties together several Java standards:
Therefore, implementations of these standards must be provided to use the package. Sun's JDK provides JAAS. Apache Axis provides SAAJ and JAX-RPC. In fact, the current implementation requires Axis, rather than another implementation, on the server side.
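The service-side half of what the description attributes to the JAX-RPC handlers, as an added sketch that is not the package's own code: it reads a credential header with SAAJ, validates it, and fails closed before the service is invoked. The header namespace, the element names, the context property and the `isValid` hook are assumptions; the package's real wire format and the NonceToken check are not shown on this page.

```java
import java.util.Iterator;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.GenericHandler;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.rpc.soap.SOAPFaultException;
import javax.xml.soap.*;

/** Service-side handler: authenticates the credential header before the service runs. */
public abstract class SsoHeaderCheckHandler extends GenericHandler {
    static final String NS = "urn:example:sso";                    // hypothetical namespace
    static final String ACCOUNT_PROPERTY = "example.sso.account";  // hypothetical context key

    /** Hypothetical hook: ask the credential-issuing service whether the token is valid. */
    protected abstract boolean isValid(String account, String token);

    public QName[] getHeaders() { return new QName[] { new QName(NS, "Credentials") }; }

    public boolean handleRequest(MessageContext context) {
        try {
            SOAPEnvelope env = ((SOAPMessageContext) context).getMessage().getSOAPPart().getEnvelope();
            SOAPHeader header = env.getHeader();
            SOAPElement creds = header == null ? null : only(header, env.createName("Credentials", "sso", NS));
            String account = creds == null ? null : text(creds, env.createName("Account", "sso", NS));
            String token = creds == null ? null : text(creds, env.createName("Token", "sso", NS));
            // Fail closed: absent, duplicated or rejected credentials never reach the service.
            if (account == null || token == null || !isValid(account, token)) {
                throw reject("SSO credentials missing or not valid");
            }
            context.setProperty(ACCOUNT_PROPERTY, account); // identity the service code may rely on
            return true;
        } catch (SOAPException e) {
            throw reject("SOAP header could not be read");
        }
    }

    /** The single child with this name; null if absent or duplicated (ambiguous input). */
    private static SOAPElement only(SOAPElement parent, Name name) {
        Iterator it = parent.getChildElements(name);
        Object first = it.hasNext() ? it.next() : null;
        return (first instanceof SOAPElement && !it.hasNext()) ? (SOAPElement) first : null;
    }
    private static String text(SOAPElement parent, Name name) {
        SOAPElement e = only(parent, name);
        return e == null ? null : e.getValue();
    }
    private static SOAPFaultException reject(String reason) {
        return new SOAPFaultException(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Client"), reason, null, null);
    }
}
```

The same fault text is returned for a missing and an invalid credential so the response does not tell a caller which check failed; the distinction belongs in the server log.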