Hi, Is there any more documentation on this? Or some examples? Or is it as simple as:
public void myMethod(String param1, String param2, @Context SecurityContext sc) { .. } John Baker -- Web SSO IT Infrastructure Deutsche Bank London URL: http://websso.cto.gt.intranet.db.com "Sergey Beryozkin" <[EMAIL PROTECTED]> 17/06/2008 16:04 Please respond to users@cxf.apache.org To <users@cxf.apache.org> cc Subject Re: Roles and permissions Hi John Try @Context SecurityContext sc as a parameter in your method and then sc.isUsertInRole()... The other option is to experiment with Acegi (Spring Security), as far as applying permissions to individual methods - I haven't tried myself. I think JAX-RS will support some explicit EE security annotations too at some time Cheers, Sergey > Hello, > > Is there any way to use annotations to apply roles to methods in a > Webservice or REST call? I'd like to be able to configure an application > to let users within one group access a set of methods that another set of > users can not access. > > Is there a way to get the HttpRequest object from a method? > > Thanks, > > > John Baker > -- > Web SSO > IT Infrastructure > Deutsche Bank London > > URL: http://websso.cto.gt.intranet.db.com > > > --- > > This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this > e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution > of the material in this e-mail is strictly forbidden. > > Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures. ---------------------------- IONA Technologies PLC (registered in Ireland) Registered Number: 171387 Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.