Hi
Sorry for intercepting here ;) but I'd like to take up your thread about the
SecureAnnotationsInterceptor.
If I got it right, it should be possible to use the @RolesAllowed annotation on
a JAX-RS service method (not EJB!) when using CXF's
SecureAnnotationsInterceptor. Is this correct?
I prepared a small service that does not like to run because the
SecureAnnotationsInterceptor is never called.
Application Class:

import java.util.HashSet;
import java.util.Set;
import javax.interceptor.Interceptors;
import javax.ws.rs.core.Application;

@javax.ws.rs.ApplicationPath("/test")
@Interceptors(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor.class)
public class DeviceService extends Application {
    @Override
    public Set<Class<?>> getClasses() {
        Set<Class<?>> s = new HashSet<Class<?>>();
        s.add(MyServiceClass.class);
        return s;
    }
}

Service Class:

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;

public class MyServiceClass {
    @GET
    @RolesAllowed("myRole")
    public String getTest() {
        return "TEST";
    }
}

I deployed it on TomEE 1.7.1-plus.
In fact everyone can invoke the service. The SecureAnnotationsInterceptor
class does not even get loaded!
I tried to follow the CXF reference on
http://cxf.apache.org/docs/secure-jax-rs-services.html.
Instead of
@Interceptors(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor.class)
I tried to register the interceptor in a cxf-servlet.xml file that I placed
directly in WEB-INF/.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
    <bean id="secureBean" class="MyServiceClass"/>
    <bean id="authorizationInterceptor"
          class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
        <property name="securedObject" ref="secureBean"/>
    </bean>
    <jaxrs:server address="/test">
        <jaxrs:providers>
            <ref bean="authorizationInterceptor" />
        </jaxrs:providers>
    </jaxrs:server>
</beans>

The result is the same. The interceptor class does not even get loaded :(
I tried to follow your advice not to lose too much time on it ;) I failed.
Do you have some suggestions?
Thanks!
--
View this message in context:
http://tomee-openejb.979440.n4.nabble.com/TomEE2-JAXRS-Security-Context-tp4672828p4673407.html
Sent from the TomEE Users mailing list archive at Nabble.com.