Here is how it works for us:
We have Axis2 embedded in our web application (http://wso2.org/library/90). We
also have a Spring security filter defined in the web.xml file of the same web
application. With the proper Spring configuration to back it up, this handles
authentication.
<filter>
<filter-name>securityFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Once the users are authenticated by Spring, authorization is accomplished by
setting up Spring ACL security in our Spring configuration and our code. This
can be quite complicated, depending on what you need to do. We manually filter
collections of objects based on ACLs using a Spring
AclEntryAfterInvocationCollectionFilteringProvider.
________________________________
From: Amarnath Mukherjee [mailto:[email protected]]
Sent: Monday, January 30, 2012 10:12 AM
To: [email protected]
Subject: [Axis2] Restful web service and spring security
Hi,
I have a requirement to use spring security for authentication and
authorization of a request for a restful web service service developed with
AXIS2.
I have no clue about how to do that.
It would be a great help if you can give any pointer on this.
Thanks in advance,
Amarnath
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
--------------------------------------------------------------------- To
unsubscribe, e-mail: [email protected] For additional
commands, e-mail: [email protected]
________________________________
STATEMENT OF CONFIDENTIALITY:
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain confidential or privileged information. If you are not the intended
recipient, please notify WHI Solutions immediately at [email protected],
and destroy all copies of this message and any attachments.
