Actually we are using mule to perform an HTTP/JMS protocol bridge using basic authentication as the authentication scheme. Our messages are SOAP messages. We can pass along the Authorization HTTP Header on the JMS message.
We then have CXF JMS Endpoints which listen to the JMS queue and process the messages. Currently we have no security enabled for these endpoints, but I'd like to use Spring Security Annotations to annotate our WebMethods. The problem that I'm having is that we need something similar to the org.springframework.web.filter.DelegatingFilterProxy (which intercepts http requests and bind the security tokens to the current thread) which will validate the user/password and populate the necessary security tokes used by spring security. This needs to happen after the message is pulled from the queue but before unmarshalling occurs and the service is invoked. Hope this helps! John Andreas Veithen-2 wrote: > > What is the protocol that you are going to use? WS-Security with SOAP/JMS? > > Andreas > > On Mon, Feb 1, 2010 at 19:51, johnpfeifer4 <[email protected]> wrote: >> >> I was wondering if anyone has an example of implement spring security >> with a >> CXF JMS Endpoint. We currently secure all of our endpoints with the >> <security:http> element, limiting access to certain endpoints to a >> particular role(s). >> >> Now we have a requirement to enforce security for JMS endpoints. It >> seems >> that the listener that picks it off the JMS queue would have to know >> where >> to find the credentials on the message. Perhaps we need to write our >> own >> interceptors to do this? >> >> I figured I would post here before I start my own investigation. Any >> help >> would be greatly appreciated. >> >> Thanks, >> >> John >> >> -- >> View this message in context: >> http://old.nabble.com/Spring-Security-with-CXF-JMS-Endpoint-tp27409262p27409262.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://old.nabble.com/Spring-Security-with-CXF-JMS-Endpoint-tp27409262p27410555.html Sent from the cxf-user mailing list archive at Nabble.com.
