We are testing the concept of using Apache HTTPD as a reverse proxy and authenticating all our users there. This allows us to authenticate in one spot and pass the authenticated username in a HTTP header to our various backend servers. We currently have this working pretty well on one application using spring security and the PreAuthenticatedAuthenticationProvider. Now we are trying to do the same with CXF so that our web services can get the authenticated user information as well but we've run into an issue trying to utilize spring security.
We are running CXF on top of ServiceMix 4.4.1 (CXF 2.4.6) and using blueprint configuration files. When we try to add the spring security tags to our blueprint files our service gets stuck in GracePeriod waiting for a namespace handler for "https://www.springsource.org/security";. So this brings up two questions: 1) Is there a way to define spring security features in a blueprint file? If so, what bundles/features do I need to get past the namespace resolution? 2) Is there a better way to handle this issue without having to use spring security? Our end goal is to be able to call OSGI services from our CXF web service and have the security context passed along so our OSGI services can make decisions based on the calling user. We really want to avoid having to pass the username as a parameter to all the methods. Thanks, Chris
