Hi Derek, Thank you. How will webservice implementation know who is calling? And how will it know that in one case user has not been authenticated?
Regards, Slava Imeshev P.S. There is no Spring in picture > -----Original Message----- > From: derek.adams [mailto:[email protected]] > Sent: Friday, February 20, 2009 6:43 AM > To: [email protected] > Subject: Re: Authentication and authorization > > > This would be handled by your backing authorization > mechanism. For instance, > if you are using Spring security as your authentication/authorization > provider, you could get the role of the current principal and > limit the > results programatically based on who made the web service call. > > > Slava Imeshev wrote: > > > > Hi all, > > > > I have an interesting use case that I am not sure how to approach. > > > > Consider a service MyService on Tomcat, pseudocode: > > > > MyService { > > Set<Entry> getEntries(); > > } > > > > For that service, if the requester did not authenticate, the > > getEntries would return a limited list of entries, only > those allowed > > for "public" access. If the requestor did authenticate, the service > > returns an extended set. How can this be done with CXF? > > > > Regards, > > > > Slava Imeshev > > > > > > > > > > -- > View this message in context: > http://www.nabble.com/Authentication-and-authorization-tp22111 > 513p22120410.html > Sent from the cxf-user mailing list archive at Nabble.com. >
