I guess you will need some kind of spring security authentication. At
least so far that spring security knows the authenticated principal. How
else should it do the authorisation.
Greetings
Christian
HamletDRC schrieb:
I have a set of CXF services I want to have authorization provided on based
on Spring Security and the JSR-250 annotations. I do _not_ want to use the
Spring Authentication mechanisms... for authentication I have the
WSS4JInInterceptor and am quite happy with it.
Does anyone know how to use just the Spring authorization in CXF?
It should be as easy as adding this line of XML config to cxf.xml:
<security:global-method-security jsr250-annotations="enabled"/>
But when I do that I get bean not found errors for the
"_authenticationManager" bean. I don't want to specify an authentication
manager, I just want to specify an AccessDecisionManager.
Any ideas on reference material? I read the Spring Security user guide but
didn't feel like I knew what to do.
Thanks,
Hamlet D'Arcy
hamlet...@gmail.com
-----
--
Hamlet D'Arcy
