Sergey, The problem seems to lie between enabling WS-Security on CXF (which isn't a problem) and wiring this into Spring Secuirty. Look at the following:
Caused by: org.springframework.security.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext at org.springframework.security.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:342) at org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:254) at org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) That appears after successful authentication with WS-Security, and CXF trying to invoke a method that's annotated with @RolesAllowed. John Baker -- Web SSO IT Infrastructure Deutsche Bank London URL: http://websso.cto.gt.intranet.db.com "Sergey Beryozkin" <[EMAIL PROTECTED]> 01/07/2008 10:14 Please respond to [email protected] To <[email protected]> cc <[email protected]> Subject Re: CXF and Acegisecurity Cool, thanks for a link. These links can get added to the wiki. I hope that in your project, where you combine JAX-RS and JAX-WS in one resource class, the single piece of Spring Security config should suffice, not sure though. let us know please how it goes Cheers, Sergey ----- Original Message ----- From: "John-M Baker" <[EMAIL PROTECTED]> To: <[email protected]> Cc: <[email protected]> Sent: Tuesday, July 01, 2008 10:09 AM Subject: Re: CXF and Acegisecurity > There's also a good example here: > > http://www.jroller.com/habuma/entry/method_level_security_in_spring > > I'm currently looking at what is required to wire Spring security into the > WS-Security module! > > > John Baker > -- > Web SSO > IT Infrastructure > Deutsche Bank London > > URL: http://websso.cto.gt.intranet.db.com > > > > > "Sergey Beryozkin" <[EMAIL PROTECTED]> > 01/07/2008 10:06 > Please respond to > [email protected] > > > To > <[email protected]> > cc > > Subject > Re: CXF and Acegisecurity > > > > > > > Hi > > >> Are there any docs specifically on implementing CXF REST With >> Acegisecurity? Google didnt return anything obvious.. A simple example >> showing how to secure a couple methods would be handy. > > have a look here please : > > http://static.springframework.org/spring-security/site/reference/html/ns-config.html#ns-method-security > > > It's a Spring Security module which you're after. It should be possible to > use AOP-like expressions to specify what kind of security > credentials need to be applied to various methods in your resource > class... > > Cheers, Sergey > > >> >> Thanks, >> >> >> John Baker >> -- >> Web SSO >> IT Infrastructure >> Deutsche Bank London >> >> URL: http://websso.cto.gt.intranet.db.com >> >> >> --- >> >> This e-mail may contain confidential and/or privileged information. If > you are not the intended recipient (or have received this >> e-mail in error) please notify the sender immediately and delete this > e-mail. Any unauthorized copying, disclosure or distribution >> of the material in this e-mail is strictly forbidden. >> >> Please refer to http://www.db.com/en/content/eu_disclosures.htm for > additional EU corporate and regulatory disclosures. > > ---------------------------- > IONA Technologies PLC (registered in Ireland) > Registered Number: 171387 > Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland > > > > --- > > This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this > e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution > of the material in this e-mail is strictly forbidden. > > Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures. ---------------------------- IONA Technologies PLC (registered in Ireland) Registered Number: 171387 Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
