I'm not sure you can do that, or even if such security functionality
were provided in the embedded server, whether it would be something you
should rely on in production use. Once you get to SSL, roles,
users/passwords, etc., formally declaring your rest endpoints in a WAR
file and deploying it to a standalone servlet container like Tomcat or
JEE app server is usually best. Let the container handle the security[1].
But perhaps someone else can provide you an answer to what you're trying
to do.
Glen
[1] http://www.jroller.com/gmazza/entry/ssl_for_web_services
On 08/18/2012 07:30 AM, Juan José Pérez Consuegra wrote:
That is exactly mi question, if I want to use authentication I must add
annotations, users, password and roles in serverconfig.xml, but I don`t
know how to include filters y mi server class.
In rs security sample I have in web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and in beans.xml
<security:global-method-security secured-annotations="enabled">
<security:protect-pointcut
expression="execution(*
demo.jaxrs.service.CustomerService.getCustomer(*))"
access="ROLE_CUSTOMER, ROLE_ADMIN"/>
<security:protect-pointcut
expression="execution(*
demo.jaxrs.service.CustomerService.addCustomer(*))"
access="ROLE_ADMIN"/>
<security:protect-pointcut
expression="execution(*
demo.jaxrs.service.CustomerService.updateCustomer(Long,demo.jaxrs.service.Customer))"
access="ROLE_ADMIN"/>
<security:protect-pointcut
expression="execution(*
demo.jaxrs.service.CustomerService.deleteCustomer(*))"
access="ROLE_ADMIN"/>
<security:protect-pointcut
expression="execution(*
demo.jaxrs.service.CustomerService.getOrder(*))"
access="ROLE_CUSTOMER, ROLE_ADMIN"/>
</security:global-method-security>
<security:http auto-config='true'>
<security:http-basic />
</security:http>
The problem is with the first one, where can I put filter information in
the server class of the https example:
public class Server {
static {
// set the configuration file
SpringBusFactory factory = new SpringBusFactory();
Bus bus = factory.createBus("ServerConfig.xml");
BusFactory.setDefaultBus(bus);
}
protected Server() throws Exception {
JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
sf.setResourceClasses(CustomerServiceImpl.class);
sf.setResourceProvider(CustomerServiceImpl.class,
new SingletonResourceProvider(new CustomerServiceImpl()));
sf.setAddress("https://localhost:9000/";);
sf.create();
}
public static void main(String args[]) throws Exception {
new Server();
System.out.println("Server ready...");
Thread.sleep(5 * 60 * 1000);
System.out.println("Server exiting");
System.exit(0);
}
}
thanks for your quick answer.
Juanjo
2012/8/17 Glen Mazza <[email protected]>
The JAX-RS HTTPS sample doesn't use a WAR:
http://svn.apache.org/viewvc/**cxf/trunk/distribution/src/**
main/release/samples/jax_rs/**basic_https/<http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/>
HTH,
Glen
On 08/17/2012 03:45 PM, Juan José Pérez Consuegra wrote:
Hello,
I'm studing the examples given with cxf, exactly security an https. In my
proyect I need a standalone server publishing the server with no war
package. The https example seems to be like this, but security one uses a
war package. Mi question is how to mix both.
I understand that I can use https proyect using de security annotations,
but I have the next dubt, how I can stablish the filter and filter-map of
the web.xml as the one used in the security example?
<filter>
<filter-name>**springSecurityFilterChain</**filter-name>
<filter-class>org.**springframework.web.filter.**
DelegatingFilterProxy</filter-**class>
</filter>
<filter-mapping>
<filter-name>**springSecurityFilterChain</**filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Does anyone know about a complete example to guide me????
thanks a lot
