This would be handled by your backing authorization mechanism. For instance,
if you are using Spring Security as your authentication/authorization
provider, you could get the role of the current principal and limit the
results programmatically based on who made the web service call.


Slava Imeshev wrote:
> 
> Hi all,
> 
> I have an interesting use case that I am not sure how to approach.
> 
> Consider a service MyService on Tomcat, pseudocode:
> 
> MyService {
>    Set<Entry> getEntries();
> }
> 
> For that service, if the requester did not authenticate, the
> getEntries would return a limited list of entries, only those allowed
> for "public" access. If the requestor did authenticate, the service
> returns an extended set. How can this be done with CXF?
> 
> Regards,
> 
> Slava Imeshev
> 
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Authentication-and-authorization-tp22111513p22120410.html
Sent from the cxf-user mailing list archive at Nabble.com.
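
The approach suggested in the reply above, sketched as an added example that is not part of the original thread or of CXF itself: the service reads the caller's roles from Spring Security and filters what it returns. MyServiceImpl, the Entry fields and the role names are hypothetical, the imports are those of current Spring Security releases, and the code assumes the Spring Security filter chain runs in front of the CXF endpoint and lets anonymous requests through to it.

```java
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical entry type: requiredRole == null marks an entry as "public".
record Entry(String name, String requiredRole) {}

// Hypothetical implementation of the MyService pseudocode from the question.
public class MyServiceImpl {

    private final Set<Entry> allEntries;

    public MyServiceImpl(Set<Entry> allEntries) {
        this.allEntries = Set.copyOf(allEntries);
    }

    public Set<Entry> getEntries() {
        Set<String> roles = callerRoles(
                SecurityContextHolder.getContext().getAuthentication());
        Set<Entry> visible = new LinkedHashSet<>();
        for (Entry e : allEntries) {
            // Public entries go to everyone; the rest only to callers
            // holding the role the entry requires.
            if (e.requiredRole() == null || roles.contains(e.requiredRole())) {
                visible.add(e);
            }
        }
        return visible;
    }

    // Fail closed: no authentication, an unauthenticated token, or the
    // anonymous token Spring Security may install all yield no roles,
    // so such callers see only the public entries.
    static Set<String> callerRoles(Authentication auth) {
        Set<String> roles = new HashSet<>();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return roles;
        }
        for (GrantedAuthority authority : auth.getAuthorities()) {
            roles.add(authority.getAuthority());
        }
        return roles;
    }
}
```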
