cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Spring Security with CXF JMS Endpoint
Date Mon, 01 Feb 2010 20:30:11 GMT
On Mon February 1 2010 3:25:23 pm johnpfeifer4 wrote:
> Dan,
> 
> We have to get this done ASAP so we're willing to do the development (and
> contribute).  Can you tell me if this code is in the latest release
>  version?

Yep.   It's in 2.2.6.    From any interceptor, you can call:

SecurityContext sc = message.get(SecurityContext.class);
sc.getPrincipal();

Which SHOULD have the username set on it providing the JMS provider has been 
setup to provide that information.


Dan


> 
> Thanks,
> 
> John
> 
> dkulp wrote:
> > Christian recently did some updates to the JMS transport to pull the
> > JMSXUserID from the JMS Message and stick that into our SecurityContext.
> > You
> > would probably need an interceptor that would then take that and feed
> > that into the Spring security context.      If you do develop some
> > interceptors for
> > this, we'd love to have them.  :-)
> >
> > Dan
> >
> > On Mon February 1 2010 1:51:44 pm johnpfeifer4 wrote:
> >> I was wondering if anyone has an example of implement spring security
> >> with
> >>  a CXF JMS Endpoint.  We currently secure all of our endpoints with the
> >>  <security:http> element, limiting access to certain endpoints to a
> >>  particular role(s).
> >>
> >> Now we have a requirement to enforce security for JMS endpoints.  It
> >> seems
> >> that the listener that picks it off the JMS queue would have to know
> >> where
> >> to find the credentials on the message.   Perhaps we need to write our
> >> own
> >> interceptors to do this?
> >>
> >> I figured I would post here before I start my own investigation.  Any
> >> help
> >> would be greatly appreciated.
> >>
> >> Thanks,
> >>
> >> John
> 

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message