On Monday 26 April 2010 11:20:59 am Suneet Shah wrote:
> Hello:
> 
> I need to be able to control access to service operations based on a
> person's role. I have an access control framework that I need to
> integrate with. Any thoughts on how I can integrate this into CXF?
> Could I define a custom interceptor for this? And would it be possible
> to layer this with WS-Security? I.e.
> - Use WS-Security to validate a saml token to see if a user has been
> authenticated
> - Next determine the user role and if they have access to a particular
> service or operation?
>

An interceptor could be perfect for this. You can get the authenticated
user Principal object from the WS-Security layer or even from the HTTP layer
(if using something like basic auth) from the message properties. From
there, you could do some sort of authorization based on your framework and
either proceed or throw an exception.

Dan


> Any guidance would be greatly appreciated.
> 
> Thanks
> Suneet

-- 
Daniel Kulp
[email protected]
http://dankulp.com/blog
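
A sketch of the interceptor approach described in the reply above, added here as an example and not taken from the thread or from CXF itself. `AccessPolicy` is a hypothetical stand-in for the poster's access control framework, and the class name is an assumption.

```java
import java.security.Principal;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.service.model.BindingOperationInfo;

public class RoleAuthorizingInterceptor extends AbstractPhaseInterceptor<Message> {

    /** Hypothetical adapter to the external access control framework. */
    public interface AccessPolicy {
        boolean isAllowed(Principal user, String operationName);
    }

    private final AccessPolicy policy;

    public RoleAuthorizingInterceptor(AccessPolicy policy) {
        // PRE_INVOKE: the in-chain has already authenticated the caller
        // (WS-Security or HTTP) and resolved the target operation.
        super(Phase.PRE_INVOKE);
        this.policy = policy;
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        // The authentication layer publishes the caller as a SecurityContext
        // on the message; a missing context or principal means "not authenticated".
        SecurityContext sc = message.get(SecurityContext.class);
        Principal user = (sc == null) ? null : sc.getUserPrincipal();
        if (user == null) {
            throw new Fault(new SecurityException("No authenticated principal"));
        }

        // Default deny: an unresolved operation is rejected, not waved through.
        BindingOperationInfo op = message.getExchange().get(BindingOperationInfo.class);
        if (op == null) {
            throw new Fault(new SecurityException("Operation could not be resolved"));
        }

        String operation = op.getName().getLocalPart();
        if (!policy.isAllowed(user, operation)) {
            // Throwing a Fault aborts the chain before the service method runs.
            throw new Fault(new SecurityException(
                "Access denied to operation " + operation));
        }
    }
}
```

An instance is registered on the endpoint's inbound chain, for example with `getInInterceptors().add(...)`, alongside the WS-Security interceptor that validates the SAML token.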