cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin" <sbery...@progress.com>
Subject RE: [Jax-Rs]security with spring
Date Thu, 04 Dec 2008 10:40:28 GMT
Hi Ragini

This is awesome and very helpful, thanks.

If I understand it right you do an out-of-band (hope this term makes
sense in this context) authorization, that is do you avoid using
@Secured annotations in the code and essentially do custom/manual
authorization in your filter ?

Thanks, Sergey


-----Original Message-----
From: Rest FulService [mailto:restfulwebservice@gmail.com] 
Sent: 04 December 2008 04:44
To: users@cxf.apache.org
Subject: Re: [Jax-Rs]security with spring

Hi ,





I have implemented Spring-security for CXF restful web services using
JAX-RS
APIs.I have extended AuthenticationProcessingFilterEntryPoint in my
customized filter class and configured it in the following way :



<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"

      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

      xmlns:beans="http://www.springframework.org/schema/beans"

      xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd

              http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd
">



<http auto-config="false"

            entry-point-ref="secureAuthenticationFilter">

            <intercept-url pattern="/placeOrder" access="ROLE_User" />

            <intercept-url pattern="/**"

                  access="IS_AUTHENTICATED_ANONYMOUSLY" />

</http>



<authentication-provider

            user-service-ref="authenticationProvider">

      </authentication-provider>





<!-- This class is dao class which will be used to load data from db
using
hibernate-->

      <beans:bean id="authenticationProvider"

            class="com.fetch.fetchfirst.service.myCustomProvider">

            <beans:property name="sessionFactory" ref="sessionFactory"
/>

      </beans:bean>



<beans:bean id="secureAuthenticationFilter"


class="com.fetch.fetchfirst.webservice.filter.WebServiceAuthenticationFi
lter">

            <beans:property name="loginFormUrl" value="/placeOrder" />

            <beans:property name="authenticationProvider"

                  ref="authenticationProvider" />



</beans:bean>

</beans:beans>



This authentication filter   extends

AuthenticationProcessingFilterEntryPoint  and  override commence
methods.



public void commence(ServletRequest request, ServletResponse response,

                  final AuthenticationException authException) throws
IOException, ServletException {



      public void commence(ServletRequest request, ServletResponse
response,

                  final AuthenticationException authException) throws
IOException, ServletException {



            HttpServletRequest httpRequest = (HttpServletRequest)
request;

            HttpServletResponse httpResponse = (HttpServletResponse)
response;

// You can manipulate data from request and response. And authenticate
your
user and send response to the client by PrintWriter



RequestDispatcher dispatcher =
httpRequest.getRequestDispatcher("/placeOrder");

dispatcher.forward(request, response);



}



}



This is all what I have done.

Regards,

Ragini





On 12/3/08, Sergey Beryozkin <sergey.beryozkin@progress.com> wrote:
>
> I'm planning to start working on a Spring Security based demo shortly
-
> hopefully we'll be able to see what bugs if any need to be sorted out
in CXF
> JAXRS - but I'd also really like to hear about any practical
experiences out
> there.
>
> If someone who has already implemented a successful Spring Security
project
> then sharing some hints or configuration would  be appreciated
>
> Cheers, Sergey
>
>
>> Hi,
>>
>> Did you get it working, can we share your notes please .
>>
>> --Irshad.
>>
>> Rest FulService wrote:
>>
>>>
>>> Hi all,
>>>
>>> I am working with CXF 2.1.2  JAX-RS with Spring security and falling
in
>>> to
>>> trap of jar conflicts.
>>> Can anybody tell me  CXF 2.1.1 support which version of spring 2.5.4
or
>>> 2.0.8?
>>> Or somebody ever implement Restful Webservice security with Jax-Rs
and
>>> spring.
>>>
>>> Your valuable input requires on urgent basis.
>>> Thanks in advance
>>>
>>> Regards,
>>> RWS
>>>
>>>
>>>
>> --
>> View this message in context:
>>
http://www.nabble.com/-Jax-Rs-security-with-spring-tp20262135p20792656.h
tml
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>>
>
>

Mime
View raw message