Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> 'Injectable' is a custom interface used by the test and its only purpose
> is to ensure a JAXRS context instance (SecurityContext in 
> this case) is injected properly, given that the actual resource class
> (SecureBookStore) is proxified by Spring. For cases like this 
> one, having a custom utility interface like Injectable IMHO is better than
> adding methods like setSecurityContext on the application 
> interfaces like SecureBookInterface.
> 
> cheers, Sergey
> 

Thanks again for your help. I am still not able to get an authenticated user
to pass through a secured method on my webservice. Spring Security is
securing the method, but will not allow a user to enter that method even if
the user is currently logged in with the correct ROLES.

My implementation seems pretty close to the Test example, however, my
'beans.xml' is much simpler and my spring security context is different. I
am posting the cxf config, spring security config and my service bean
interface in hopes that maybe something that I am doing wrong will jump out
at you!

PS: I am passing the Context in to my method as a parameter thinking that is
necessary since Spring creates singleton beans and I need a context per
request. Is that correct?


cxf.xml


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
       xmlns:cxf="http://cxf.apache.org/core"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://cxf.apache.org/jaxrs
            http://cxf.apache.org/schemas/jaxrs.xsd
            http://cxf.apache.org/core
            http://cxf.apache.org/schemas/core.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-extension-jaxrs-binding.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>

    <!-- The service bean -->
    <bean id="gatewayService" class="com.mg.webservice.GatewayServiceImpl">
        <property name="userDao" ref="userDao" />
        <property name="payloadService" ref="payloadService" />
    </bean>

    <jaxrs:server id="cxfgateway" address="/cxfgatewayaddress">
        <jaxrs:serviceBeans>
            <ref bean="gatewayService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
</beans>


security.xml


<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <global-method-security secured-annotations="enabled"
        access-decision-manager-ref="accessDecisionManager" />

    <http  auto-config="false"
        access-decision-manager-ref="accessDecisionManager"
        access-denied-page="/accessDenied.html"
        entry-point-ref="authenticationProcessingFilterEntryPoint"
        lowercase-comparisons="true"
        session-fixation-protection="migrateSession">


        <intercept-url pattern="/favicon.ico" filters="none"/>
        <intercept-url pattern="/css/*.css" filters="none"/>
        <intercept-url pattern="/audio/*.*" filters="none"/>
        <intercept-url pattern="/images/*.*" filters="none"/>
        <intercept-url pattern="/images/*/*.*" filters="none"/>
        <intercept-url pattern="/js/*.js" filters="none"/>
        
    ....

        <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />   
        
        <logout logout-success-url="/notLoggedIn.htm" logout-url="/mglogout" />
        <anonymous username="guest" granted-authority="ROLE_GUEST" />
        <concurrent-session-control max-sessions="1" />
    </http>

        
    <authentication-manager alias="authenticationManager"/>

    <authentication-provider user-service-ref="userDao">
        <password-encoder ref="passwordEncoder">
            <salt-source user-property="getId"/>
        </password-encoder>
    </authentication-provider>

    <beans:bean id="passwordEncoder"
        class="org.springframework.security.providers.encoding.Md5PasswordEncoder">
    </beans:bean>

    <beans:bean id="saltSource"
        class="org.springframework.security.providers.dao.salt.ReflectionSaltSource">
        <beans:property name="userPropertyToUse" value="getId"/>
    </beans:bean>

    <beans:bean id="authenticationProcessingFilter"
        class="com.mg.security.mgAuthenticationProcessingFilter">
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
        <beans:property name="filterProcessesUrl" value="/mglogin" />
        <beans:property name="defaultTargetUrl" value="/loggedIn.htm" />
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
        <beans:property name="authenticationFailureUrl" value="/loginfailure.htm" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="userSessionDao" ref="userSessionDao" />
        <beans:property name="notificationService" ref="notificationService" />
    </beans:bean>

    <beans:bean id="authenticationProcessingFilterEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <beans:property name="loginFormUrl" value="/login.htm" />
        <beans:property name="forceHttps" value="false" />
    </beans:bean>
 

    <beans:bean id="accessDecisionManager"
        class="org.springframework.security.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:bean class="org.springframework.security.vote.RoleVoter" />
                <beans:bean class="org.springframework.security.vote.AuthenticatedVoter" />
            </beans:list>
        </beans:property>
    </beans:bean>
</beans:beans>


Service Interface:


@Path("/enter")
@Produces("application/XML")
public interface GatewayService {

    @GET
    @Path("/recentQuestions/{firstResult}")
    public List<Question> getRecentQuestions(@PathParam("firstResult") int firstResult);

    @GET
    @Path("/convo/{nId}/{qId}")
    public ActiveDisplay readConversation(@PathParam("nId") Long nId,
                                          @PathParam("qId") Long qId);

    @GET
    @Path("/payload")
    @Secured({"ROLE_USER","ROLE_ADMIN"})
    public Response makePayload(@Context SecurityContext securityContext,
                                @Context Request request,
                                @Context HttpServletRequest httpServletRequest);

}

-- 
View this message in context: 
http://old.nabble.com/Is-it-possible-to-integrate-CXF-JAX-RS-with-Spring-Security-2.0.5---tp27587340p27619097.html
Sent from the cxf-user mailing list archive at Nabble.com.
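
An added example, not part of the original post and not Spring Security's own code: a simplified model of how the accessDecisionManager bean in security.xml above (AffirmativeBased with RoleVoter and AuthenticatedVoter) evaluates the @Secured attributes on makePayload. The class name AccessDecisionModel, its method names and the sample principals are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;

// Simplified model (assumption: default voter settings, "ROLE_" prefix,
// allowIfAllAbstainDecisions=false) of the accessDecisionManager bean above.
public class AccessDecisionModel {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;

    static final List<String> AUTH_ATTRS = Arrays.asList(
        "IS_AUTHENTICATED_FULLY", "IS_AUTHENTICATED_REMEMBERED", "IS_AUTHENTICATED_ANONYMOUSLY");

    // RoleVoter: looks only at attributes starting with "ROLE_"; any match grants,
    // at least one ROLE_ attribute with no match denies, none at all abstains.
    static int roleVote(List<String> authorities, List<String> attributes) {
        int result = ABSTAIN;
        for (String attr : attributes) {
            if (!attr.startsWith("ROLE_")) continue;
            if (authorities.contains(attr)) return GRANTED;
            result = DENIED;
        }
        return result;
    }

    // AuthenticatedVoter: looks only at IS_AUTHENTICATED_* attributes, so it
    // abstains for a pure role list such as the one on makePayload.
    static int authenticatedVote(List<String> attributes) {
        for (String attr : attributes) {
            if (AUTH_ATTRS.contains(attr)) {
                throw new UnsupportedOperationException("not modelled here: " + attr);
            }
        }
        return ABSTAIN;
    }

    // AffirmativeBased: a single grant is enough; a deny, or every voter
    // abstaining, refuses the call before the method body runs.
    static boolean decide(List<String> authorities, List<String> attributes) {
        int[] votes = { roleVote(authorities, attributes), authenticatedVote(attributes) };
        for (int v : votes) if (v == GRANTED) return true;
        return false;
    }

    public static void main(String[] args) {
        List<String> secured = Arrays.asList("ROLE_USER", "ROLE_ADMIN"); // @Secured on makePayload
        // Constructed principals; guest/ROLE_GUEST is the identity set by the <anonymous> element.
        System.out.println("user  [ROLE_USER]  -> " + decide(Arrays.asList("ROLE_USER"), secured));
        System.out.println("guest [ROLE_GUEST] -> " + decide(Arrays.asList("ROLE_GUEST"), secured));
        System.out.println("no authorities     -> " + decide(Arrays.<String>asList(), secured));
    }
}
```

Under this model a refusal means the Authentication present when the secured call is intercepted carries neither ROLE_USER nor ROLE_ADMIN, so the authorities on that object are the value to inspect when debugging such a setup.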
