cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <ashaki...@talend.com>
Subject RE: Authorization with CXF and WSS4J?
Date Wed, 29 Aug 2012 13:36:16 GMT
Hi Mickael,

You can use CXF AbstractAuthorizingInInterceptor and SimpleAuthorizingInInterceptor as basis:
http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java

Idea is the following: SimpleAuthorizingInInterceptor is configured with methods-roles map.
Interceptor validates does user in given role have permissions to accessing method.

There is the sample configuration in
http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml

It can be a good starting point for your task.

Regards,
Andrei.

-----Original Message-----
From: Mickael Marrache [mailto:Mickael.Marrache@xconnect.net] 
Sent: Mittwoch, 29. August 2012 10:39
To: users@cxf.apache.org
Subject: Authorization with CXF and WSS4J?

Hi,

I'm looking for a way to implement web service authorization with CXF but I can't find anything
on the CXF documentation, nor on the web. I would like to define roles, and to specify for
each web method which roles are authorized...
I've looked at the different WS-* support in the doc, especially WS-Security, WS-SecurityPolicy
and WS-Policy but I don't understand how these can be use for authorization.

Please, provide me some links in the case it is possible.

Thanks

Mime
View raw message