Hello,
I am working with CXF 2.0.4 with javaFirst/Spring/CXF Servlet.
I have the jaxws setup using Timestamp, Signature, and Encypt.
I have some customized interceptors and a handler.
This is all included in one war file (just like the demos) that I deploy
to JBoss (and eventually Websphere).
I was wondering if its possible to:
- separate out my service implementation as one war file and my security
configuration as another war file
or
- have my service endpoint be external from the same JVM that CXF is under
(the internal endpoint is different from the published external endpoint).
The goal is to keep the security settings "untouchable" when further
maintenance/enhancements of the service methods goes forward.
We don't want to have to worry about the security getting broken once we
know that its working correctly.
I believe that this is called "hardening" the security.
Any suggestions/readings would really be appreciated.
