Hi Vishal
I'm very sorry for a late reply - I was planning to reply much earlier but
then I got swamped with some work and forgot.
There're a number of options, depending on your preferences
1. Do it in the application code, in the resource class. This is may or may
not the best option. Typically this is something users prefer to do outside
of the application code. But then you may want to look at the resource class
which checks the injected SecurityContexts as the facade or as an
interceptor really which delegates to the actual application class which may
make this option more viable.
So in this case you have to have
@Resource WebServiceContext jaxwsContext;
@Context SecurityContext jaxrsSecurityContext;
declared in your code. Next, you need to figure out whether it's a JAXWS or
JAXRS invocation in progress, so you can do it like this
// not sure at the moment how exactly to get security context from jaxws one
if (jaxwsContext.getSecurityContext() == null) {
checkPrincipal(jaxrsSecurityContext.getPrincipal());
} else {
checkPrincipal(jaxwsContext.getSecurityContext().getPrincipal());
}
2. Use Spring security - we have some simple tests showing how
authentication and authorization can be done
3. For JAXRS : Use CXF JAX-RS RequestFilter or custom invoker (which simply
extends JAXRSInvoker and is registered as an invoker property) where you can
get all the info you need (method name, Principal, etc)
For JAXWS : do a custom CXF in Interceptor which will throw Fault if
needed.
Perhaps there're more options... Let me know please if you need more info on
any of the these options
Cheers, Sergey
Vishal.a wrote:
>
> Hello All,
>
> I have services written,that have both JaxRs and Jaxws.I have to implement
> security on the services now.There are 2 things i need to do
>
> 1. Authentication - Using Basic Http Authentication
> 2. Authorization - Secure each and every method.
>
> I have seen posts that show me how to do for either JaxRS or Jaxws,can
> someone tell me what would be the best way to approach it for doing it for
> both REST and SOAP.
>
> Any help is appreciated.
>
> Thanks,
> Vishal
>
--
View this message in context:
http://www.nabble.com/Security-in-Jaxws-Jaxrs-tp23266441p23339367.html
Sent from the cxf-user mailing list archive at Nabble.com.
