Taking another approach, is there a way to take the information (like the Prinicpal object or similar) out of the WSS4J results and feed that into the Spring AuthenticationManager as an authenticated object? I think the DecisionManager should work fine then.
Definitely not my area though. I could be completely blowing smoke. :-) Dan On Tue September 15 2009 6:03:31 pm HamletDRC wrote: > I had planned on providing a custom AccessDecisionManager that made the > decision off of something in the MessageContext rather than the > authenticated principle. > > Christian Schneider wrote: > > I guess you will need some kind of spring security authentication. At > > least so far that spring security knows the authenticated principal. How > > else should it do the authorisation. > > > > Greetings > > > > Christian > > > > HamletDRC schrieb: > >> I have a set of CXF services I want to have authorization provided on > >> based > >> on Spring Security and the JSR-250 annotations. I do _not_ want to use > >> the > >> Spring Authentication mechanisms... for authentication I have the > >> WSS4JInInterceptor and am quite happy with it. > >> > >> Does anyone know how to use just the Spring authorization in CXF? > >> > >> It should be as easy as adding this line of XML config to cxf.xml: > >> > >> <security:global-method-security jsr250-annotations="enabled"/> > >> > >> But when I do that I get bean not found errors for the > >> "_authenticationManager" bean. I don't want to specify an authentication > >> manager, I just want to specify an AccessDecisionManager. > >> > >> Any ideas on reference material? I read the Spring Security user guide > >> but > >> didn't feel like I knew what to do. > >> Thanks, > >> Hamlet D'Arcy > >> hamlet...@gmail.com > >> > >> ----- > >> -- > >> Hamlet D'Arcy > > ----- > -- > Hamlet D'Arcy > -- Daniel Kulp dk...@apache.org http://www.dankulp.com/blog
