cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: Is it possible to use @RollsAllowed annotation in CFX RESTfull
Date Fri, 22 Feb 2013 13:07:45 GMT
Hi
On 22/02/13 12:59, svasanta wrote:
> Hi,
> I am using CFX 2.6.3. Does CFX RESTfull web service support @RollsAllowed
> annotation ?
>
> What I am looking for is:
> I want to annotate my rest method like @RollsAllowed({"admin"}). and
> expectation is only users with admin role should be allowed to access the
> method.  Like this I want to have different role constraints for
> methods/classes.
>
> Is there any other way to do this, preferably using annotations ?
>
Sure, have a look at
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_simple_security/WEB-INF/beans.xml

You can use either CXF interceptors or JAX-RS filters, the latter will 
return 403 in case of authorization failures.

For example, 
org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor will 
analyze the injected bean for RolesAllowed by default - you can tell it 
if other annotation needs to be checked (such as Spring @Secured)

Sergey
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Is-it-possible-to-use-RollsAllowed-annotation-in-CFX-RESTfull-tp5723575.html
> Sent from the cxf-user mailing list archive at Nabble.com.


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Mime
View raw message