I am trying to figure out if it is possible to integrate Spring Security
2.0.5 with cxf jax-rs.
I have a website running spring security FORM-based authentication and have
implemented cxf to run some jax-rs webservices. I would like the cxf URIs
to be annotated with @Secured({"ROLE_USER"}) so that only authenticated
users can call the webservice URI. Then, I would like to be able to get the
username from the Authentication object that should exist in the
SecurityContext. If I can do that then I can be sure that the username
calling this webservice is indeed the user they say they are (at least in so
far as they have authenticated with a password)
I have not been able to figure out a way to do this. It seems that the
requests coming in to cxf never have a principal or authentication object
set. If I mark the webservice methods with @Secured({"ROLE_USER"}) all
requests are denied.
I do not know whether I am missing a Spring or CXF configuration setting,
not setting up the HttpClient that is making the request to the webservice
correctly, or whether this cannot be done at all.
I would greatly appreciate if someone can clarify my confusion on how to do
this.
Thank you.
--
View this message in context:
http://old.nabble.com/Is-it-possible-to-integrate-CXF-JAX-RS-with-Spring-Security-2.0.5---tp27587340p27587340.html
Sent from the cxf-user mailing list archive at Nabble.com.
