cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John-M Baker <john-m.ba...@db.com>
Subject Re: Roles and permissions
Date Wed, 18 Jun 2008 11:10:14 GMT
Yes, I do.

  <!-- Define the REST service -->
  <jaxrs:server id="cxf.server.rest.ApplicationConfigurationService" 
    address="/rest">
    <jaxrs:serviceBeans>
      <ref bean="service.beans.applicationConfiguration" />
    </jaxrs:serviceBeans>
  </jaxrs:server> 
 
  <!-- Define the application configuration webservice -->
  <jaxws:endpoint id="cxf.server.soap.ApplicationConfigurationService" 
    implementor="#service.beans.applicationConfiguration" 
    address="/soap/applicationConfiguration" />

John Baker
-- 
Web SSO 
IT Infrastructure 
Deutsche Bank London

URL:  http://websso.cto.gt.intranet.db.com




"Sergey Beryozkin" <sergey.beryozkin@iona.com> 
18/06/2008 12:04
Please respond to
users@cxf.apache.org


To
<users@cxf.apache.org>
cc
<users@cxf.apache.org>
Subject
Re: Roles and permissions






Hi

I'm confused by this stacktrace


> Caused by: com.sun.xml.bind.v2.runtime.IllegalAnnotationsException: 2
> counts of IllegalAnnotationExceptions
> javax.ws.rs.core.SecurityContext is an interface, and JAXB can't handle
> interfaces.
>        this problem is related to the following location:
>                at javax.ws.rs.core.SecurityContext
>                at private javax.ws.rs.core.SecurityContext
> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration.arg1
>                at
> com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration
>

CXF JAX-RS does not do any asm processing at the moment. I'm wondering, do 
you have a combined
JAX-WS/JAX-RS service and perhaps the cxf jaxws asm handler attempts to 
preprocess this method as well ?

Cheers, Sergey


> So it doesn't work or I'm doing it wrong:
>
>   @GET
>   @Path("/get/{id}/")
>   @ProduceMime("application/xml")
>   Response getApplicationConfiguration(@PathParam("id") String id,
> @Context SecurityContext sc);
>
> Any other thoughts?
>
>
> John Baker
> -- 
> Web SSO
> IT Infrastructure
> Deutsche Bank London
>
> URL:  http://websso.cto.gt.intranet.db.com
>
>
>
>
> "Sergey Beryozkin" <sergey.beryozkin@iona.com>
> 18/06/2008 10:37
> Please respond to
> users@cxf.apache.org
>
>
> To
> <users@cxf.apache.org>
> cc
> <users@cxf.apache.org>
> Subject
> Re: Roles and permissions
>
>
>
>
>
>
> I'm sorry, it's a lack of the docs...
>
> Please use the SecurityContext from a jaxrs package
> javax.ws.rs.core
> Hope it will work
>
> Cheers, Sergey
>
> ----- Original Message ----- 
> From: "John-M Baker" <john-m.baker@db.com>
> To: <users@cxf.apache.org>
> Cc: <users@cxf.apache.org>
> Sent: Wednesday, June 18, 2008 10:13 AM
> Subject: Re: Roles and permissions
>
>
>> Sergey,
>>
>> Using @Context SecurityContext sc didn't work:
>>
>> Caused by: com.sun.xml.bind.v2.runtime.IllegalAnnotationsException: 2
>> counts of IllegalAnnotationExceptions
>> org.apache.cxf.security.SecurityContext is an interface, and JAXB can't
>> handle interfaces.
>>  this problem is related to the following location:
>>    at org.apache.cxf.security.SecurityContext
>>    at private org.apache.cxf.security.SecurityContext
>>
> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration.arg1
>>    at
>> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration
>> org.apache.cxf.security.SecurityContext does not have a no-arg default
>> constructor.
>>  this problem is related to the following location:
>>    at org.apache.cxf.security.SecurityContext
>>    at private org.apache.cxf.security.SecurityContext
>>
> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration.arg1
>>    at
>> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration
>>
>> And the SecurityContextImpl didn't work either:
>>
>> Caused by: com.sun.xml.bind.v2.runtime.IllegalAnnotationsException: 1
>> counts of IllegalAnnotationExceptions
>> org.apache.cxf.jaxrs.provider.SecurityContextImpl does not have a 
no-arg
>> default constructor.
>>  this problem is related to the following location:
>>    at org.apache.cxf.jaxrs.provider.SecurityContextImpl
>>    at private org.apache.cxf.jaxrs.provider.SecurityContextImpl
>>
> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration.arg1
>> at
>> 
com.db.websso.integration.services.jaxws_asm.GetApplicationConfiguration
>>
>> Any thoughts?
>>
>>
>>
>> John Baker
>> -- 
>> Web SSO
>> IT Infrastructure
>> Deutsche Bank London
>>
>> URL:  http://websso.cto.gt.intranet.db.com
>>
>>
>>
>>
>> "Sergey Beryozkin" <sergey.beryozkin@iona.com>
>> 17/06/2008 16:04
>> Please respond to
>> users@cxf.apache.org
>>
>>
>> To
>> <users@cxf.apache.org>
>> cc
>>
>> Subject
>> Re:  Roles and permissions
>>
>>
>>
>>
>>
>>
>> Hi John
>>
>> Try
>>
>> @Context SecurityContext sc
>>
>> as a parameter in your method
>>
>> and then sc.isUsertInRole()...
>>
>> The other option is to experiment with Acegi (Spring Security), as far
> as
>> applying permissions to individual methods - I haven't
>> tried myself. I think JAX-RS will support some explicit EE security
>> annotations too at some time
>>
>> Cheers, Sergey
>>
>>
>>> Hello,
>>>
>>> Is there any way to use annotations to apply roles to methods in a
>>> Webservice or REST call?  I'd like to be able to configure an
>> application
>>> to let users within one group access a set of methods that another set
>> of
>>> users can not access.
>>>
>>> Is there a way to get the HttpRequest object from a method?
>>>
>>> Thanks,
>>>
>>>
>>> John Baker
>>> -- 
>>> Web SSO
>>> IT Infrastructure
>>> Deutsche Bank London
>>>
>>> URL:  http://websso.cto.gt.intranet.db.com
>>>
>>>
>>> ---
>>>
>>> This e-mail may contain confidential and/or privileged information. If
>> you are not the intended recipient (or have received this
>>> e-mail in error) please notify the sender immediately and delete this
>> e-mail. Any unauthorized copying, disclosure or distribution
>>> of the material in this e-mail is strictly forbidden.
>>>
>>> Please refer to http://www.db.com/en/content/eu_disclosures.htm for
>> additional EU corporate and regulatory disclosures.
>>
>> ----------------------------
>> IONA Technologies PLC (registered in Ireland)
>> Registered Number: 171387
>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
> Ireland
>>
>>
>>
>> ---
>>
>> This e-mail may contain confidential and/or privileged information. If
> you are not the intended recipient (or have received this
>> e-mail in error) please notify the sender immediately and delete this
> e-mail. Any unauthorized copying, disclosure or distribution
>> of the material in this e-mail is strictly forbidden.
>>
>> Please refer to http://www.db.com/en/content/eu_disclosures.htm for
> additional EU corporate and regulatory disclosures.
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, 
Ireland
>
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information. If 
you are not the intended recipient (or have received this 
> e-mail in error) please notify the sender immediately and delete this 
e-mail. Any unauthorized copying, disclosure or distribution 
> of the material in this e-mail is strictly forbidden.
>
> Please refer to http://www.db.com/en/content/eu_disclosures.htm for 
additional EU corporate and regulatory disclosures. 

----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland



---

This e-mail may contain confidential and/or privileged information. If you are not the intended
recipient (or have received this e-mail in error) please notify the sender immediately and
delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.

Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate
and regulatory disclosures.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message