I'm trying to figure out how best to apply aspects like authentication and authorization to my distributed OSGi services using CXF. Since I won't know which services are deployed locally or remotely until the osgi container is running, I don't think servlet filters are the right approach (the filter would be bypassed for local service invocations).
I'm pretty sure that each service that is exposed as a remote endpoint via DOSGI has its own CXF Bus. So I should be able to add interceptors to the buses generated by the CXFNonSpringServlets. But I think these buses are bypassed when the service is locally invoked, so the CXF interceptor approach doesn't work either. Does anyone have suggestions for applying aspects to (D)OSGI services? I'm about to read up on the new Find hooks available in the osgi 4.2 spec, since I might be able to sneak a proxy into service location, but I don't want to give up on a CXF based solution if there is one. Thanks, Josh
