cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: SOAP Webservices Authorization with Java using Apache CXF
Date Tue, 17 Sep 2013 11:24:59 GMT
On 17/09/13 09:50, Faz wrote:
> I would like to have a webservice designed using Apache CXF incorporating the
> authorization (method-level) with Java (along with database).
> Say for instance, an implemnation class A has two methods getData and
> addData. I would like to allow one set of role to access getData and other
> to access the addData method. What I need there is, one user passes the
> userid/service id from Client, the webservice authenticates the user and
> then when the method is invoked, based on the roles allowed the method
> should be either accessible or not. I would like to get these roles details
> from the database based on the logged-in-user.
> Can JAAS be used in this context? however I need the details for the roles
> from DB alone as there may be may 100s of method and having the
> @RolesAllowed specified in each method becomes cumbersome and unmanagable.
> Have googled through all the relevant topics ,haven't found any good
> solution for this.Please suggest me something on this.
>

CXF JAASLoginInInterceptor can handle the authentication and the 
SecurityContext population. SimpleAuthorizingInterceptor can manage the 
roles configuration, it has methodRolesMap & globalRoles properties, if 
a given method has no roles attached then globalRoles will be used.

http://cxf.apache.org/docs/security.html#Security-JAASLoginInterceptor
http://cxf.apache.org/docs/security.html#Security-Authorization

HTH
Sergey

>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SOAP-Webservices-Authorization-with-Java-using-Apache-CXF-tp5734142.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



Mime
View raw message