cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <>
Subject RE: Authorization with CXF and WSS4J?
Date Wed, 29 Aug 2012 13:36:16 GMT
Hi Mickael,

You can use CXF AbstractAuthorizingInInterceptor and SimpleAuthorizingInInterceptor as basis:

Idea is the following: SimpleAuthorizingInInterceptor is configured with methods-roles map.
Interceptor validates does user in given role have permissions to accessing method.

There is the sample configuration in

It can be a good starting point for your task.


-----Original Message-----
From: Mickael Marrache [] 
Sent: Mittwoch, 29. August 2012 10:39
Subject: Authorization with CXF and WSS4J?


I'm looking for a way to implement web service authorization with CXF but I can't find anything
on the CXF documentation, nor on the web. I would like to define roles, and to specify for
each web method which roles are authorized...
I've looked at the different WS-* support in the doc, especially WS-Security, WS-SecurityPolicy
and WS-Policy but I don't understand how these can be use for authorization.

Please, provide me some links in the case it is possible.


View raw message