cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Re: SOAP Webservices Authorization with Java using Apache CXF
Date Tue, 17 Sep 2013 11:24:59 GMT
On 17/09/13 09:50, Faz wrote:
> I would like to have a webservice designed using Apache CXF incorporating the
> authorization (method-level) with Java (along with database).
> Say for instance, an implemnation class A has two methods getData and
> addData. I would like to allow one set of role to access getData and other
> to access the addData method. What I need there is, one user passes the
> userid/service id from Client, the webservice authenticates the user and
> then when the method is invoked, based on the roles allowed the method
> should be either accessible or not. I would like to get these roles details
> from the database based on the logged-in-user.
> Can JAAS be used in this context? however I need the details for the roles
> from DB alone as there may be may 100s of method and having the
> @RolesAllowed specified in each method becomes cumbersome and unmanagable.
> Have googled through all the relevant topics ,haven't found any good
> solution for this.Please suggest me something on this.

CXF JAASLoginInInterceptor can handle the authentication and the 
SecurityContext population. SimpleAuthorizingInterceptor can manage the 
roles configuration, it has methodRolesMap & globalRoles properties, if 
a given method has no roles attached then globalRoles will be used.


> --
> View this message in context:
> Sent from the cxf-user mailing list archive at

View raw message