Andreas, Thanks for all the information about the stuff there at google. That's really cool.
That said, as an Apache committer, you should be able to do all of this in the CXF sandbox: http://svn.apache.org/repos/asf/cxf/sandbox/ The sandbox is completely open to any Apache committer. If it's in there, things like Apache JIRA's can be linked with svn commits, we can just "svn merge" the changes over, etc.... It might be good if some of the below bullets could be broken into individual JIRA's and dirs in the sandbox. It's possible that maybe one or two could be merged over already. Anyway, it's a thought. Not sure if you were aware of the sandbox or not. Dan On Mon November 9 2009 3:34:51 pm Andreas Veithen wrote: > Indeed, after the discussion [1] on the mailing list around CXF and > Spring Security I put the code into a temporary project on Google > Code. Unfortunately, shortly afterwards I got absorbed by other things > and the project got somewhat stalled. Here is what I have for the > moment: > > - An implementation of a (server side) password callback handler that > integrates WS-Security with Spring Security. It delegates > authentication (for UsernameToken) to Spring Security. > - A feature (in the sense of org.apache.cxf.feature) that sets up a > service to enable annotation based authorization. It binds the > Authentication object provided by the password callback handler (or > any other interceptor) to the thread that executes the service > implementation. This works with JAX-WS and JAX-RS. > - An initial implementation of an interceptor that implements HTTP > Basic Authentication. This can be used as an alternative for the > traditional servlet filter based implementation in Spring Security. > - A Spring namespace handler defining some custom configuration tags > that make configuration easier and that nicely integrate with the > custom tags defined by Spring Security. > > It's not yet ready for inclusion in CXF, but as I indicated in the > description of the project in Google Code, it is of course the > intention to do this. I think that if we have some users who test the > code and provide feedback and with the help of some CXF people to > guide us in writing systests and documentation, it should be possible > to achieve that goal. > > Please explain your use case a bit further so that we can work > together to see how we can implement that use case. > > Regards, > > Andreas > > [1] > http://old.nabble.com/CXF-%2B-JAX-RS-%2B-Spring-Security-(Acegi)-for-autho > rization-td25462665.html > > On Mon, Nov 9, 2009 at 16:54, Sergey Beryozkin <[email protected]> wrote: > > Hi, > > > >> We have a need for application authorization using Spring security. > >> There is > >> a project in google containing what looks like a solution: > >> http://code.google.com/p/cxf-spring-security/ . Is this slated for a > >> future > >> release of CXF? > > > > It's good to see Andreas actualy going ahead with this > > project...Hopefully we'll get it integrated with CXF eventually, but I'm > > not aware when it might happen. > > > > We have some simple Spring Security JAXRS system tests [1]. But they > > might be of help even if you do JAX-WS. Though if you need to bridge > > between WS-Security and Spring Security, then those tests won't give > > enough info...Andreas and other users who've had some relevant experience > > may help... > > > > cheers, Sergey > > > > [1] > > http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/java/or > >g/apache/cxf/systest/jaxrs/security/ (contains all the tests and > > resources) > > > > corresponding web apps : > > > > [2] > > http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resourc > >es/jaxrs_security/ [3] > > http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resourc > >es/jaxrs_security_cglib/ [4] > > http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resourc > >es/jaxrs_security_no_annotations/ > > > >> -- > >> View this message in context: > >> http://old.nabble.com/Strategy-for-CXF-integration-with-Spring-Security- > >>tp26268002p26268002.html Sent from the cxf-user mailing list archive at > >> Nabble.com. > -- Daniel Kulp [email protected] http://www.dankulp.com/blog
