I had planned on providing a custom AccessDecisionManager that made the decision off of something in the MessageContext rather than the authenticated principle.
Christian Schneider wrote: > > I guess you will need some kind of spring security authentication. At > least so far that spring security knows the authenticated principal. How > else should it do the authorisation. > > Greetings > > Christian > > > HamletDRC schrieb: >> I have a set of CXF services I want to have authorization provided on >> based >> on Spring Security and the JSR-250 annotations. I do _not_ want to use >> the >> Spring Authentication mechanisms... for authentication I have the >> WSS4JInInterceptor and am quite happy with it. >> >> Does anyone know how to use just the Spring authorization in CXF? >> >> It should be as easy as adding this line of XML config to cxf.xml: >> >> <security:global-method-security jsr250-annotations="enabled"/> >> >> But when I do that I get bean not found errors for the >> "_authenticationManager" bean. I don't want to specify an authentication >> manager, I just want to specify an AccessDecisionManager. >> >> Any ideas on reference material? I read the Spring Security user guide >> but >> didn't feel like I knew what to do. >> Thanks, >> Hamlet D'Arcy >> [email protected] >> >> ----- >> -- >> Hamlet D'Arcy >> >> > > > ----- -- Hamlet D'Arcy -- View this message in context: http://www.nabble.com/Using-Spring-JSR-250-based-Authorization-but-not-Authentication-tp25461114p25462666.html Sent from the cxf-user mailing list archive at Nabble.com.
