If your application is deployed over JBOSS, you may use JBOSS's JAAS configuration with JBOSS specific annotations to perform Role based authorization.
You may refer this link for more information (though this link refers to message level security, its a best point to drill-down from here) http://community.jboss.org/wiki/JBossWS-WS-Securityoptions http://community.jboss.org/wiki/JBossWS-WS-Securityoptions -- View this message in context: http://cxf.547215.n5.nabble.com/Role-based-Access-Control-RBAC-for-web-services-tp2805531p2840566.html Sent from the cxf-user mailing list archive at Nabble.com.
