Hi,
I don't know the answer yet but hopefully I'll know soon enough, as I'm going to start working on a cxf jaxrs test/demo with the spring security Annotations involved. Thanks for posting the configuration sample. I have a couple of questions : - do you expect an authorization failure given that your spring security config allows an access for ROLE_USER while the @Secured annotation permits an access only to those in ROLE_ADMINISTRATOR - what happens when you combine both cxf.xml and applicationContext-security.xml in a single bean ? Cheers, Sergey -----Original Message----- From: dclane [mailto:[EMAIL PROTECTED] Sent: 03 December 2008 23:05 To: [email protected] Subject: Spring Security annotations in CXF? I'm attempting to use Spring Security's @Secured method-level annotation in my project. Everything works fine in a sample Spring-only project, but the @Secured annotations appear to be ignored in my CXF project (I'm using JAX-RS and @Path method-level annotations). For now I'm using a form-based login; my authentication provider works properly and users are assigned GrantedAuthority roles, but all users are able to access my @Secured method/page regardless of their roles. I've looked to Spring forums for help, but no luck so far. Does anything look completely off-base? ------- cxf.xml ------- <jaxrs:server id="services" address="/"> <jaxrs:serviceBeans> <ref bean="myBean"/> </jaxrs:serviceBeans> </jaxrs:server> <bean id="myBean" class="com.company.service.MyService"/> ------- applicationContext-security.xml ------- <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/> <http auto-config="true"> <intercept-url pattern="/**" access="ROLE_USER"/> </http> <authentication-provider user-service-ref="myUserDetailsService"/> <beans:bean id="myUserDetailsService" class="com.metova.service.web.auth.AuthenticationDetailsService"/> ------- MyService.java ------- public class MyService{ @GET @Path( "/myService/{id}.xml" ) @ProduceMime( "application/xml" ) @Secured( "ROLE_ADMINISTRATOR" ) public Object getMyObject( @PathParam( "id" ) String codeModuleName ) { // do stuff. } } Thank you for your time! - Dave -- View this message in context: http://www.nabble.com/Spring-Security-annotations-in-CXF--tp20823712p208 23712.html Sent from the cxf-user mailing list archive at Nabble.com.
