Hi Mickael,

You can use CXF AbstractAuthorizingInInterceptor and SimpleAuthorizingInInterceptor as a basis:

http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java

The idea is the following: SimpleAuthorizingInInterceptor is configured with a methods-roles map. The interceptor validates whether a user in a given role has permission to access the method. There is a sample configuration in http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_jaas_security/WEB-INF/beans.xml

It can be a good starting point for your task.

Regards,
Andrei.

-----Original Message-----
From: Mickael Marrache [mailto:[email protected]]
Sent: Wednesday, 29 August 2012 10:39
To: [email protected]
Subject: Authorization with CXF and WSS4J?

Hi,

I'm looking for a way to implement web service authorization with CXF but I can't find anything in the CXF documentation, nor on the web.

I would like to define roles, and to specify for each web method which roles are authorized...

I've looked at the different WS-* support in the doc, especially WS-Security, WS-SecurityPolicy and WS-Policy, but I don't understand how these can be used for authorization.

Please provide me some links if it is possible.

Thanks
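
The methods-roles map described in the reply above, wired up programmatically as an added example; it is not code from either e-mail or from the linked CXF sample. The service interface, role names, endpoint address and the JAAS context name `orders-login` are hypothetical, and the code assumes the CXF JAX-WS frontend and a JAAS login configuration are available at runtime.

```java
import java.util.HashMap;
import java.util.Map;
import javax.jws.WebService;

import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
import org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;

public class SecuredOrderServer {

    // Hypothetical service contract, used only for this example.
    @WebService
    public interface OrderService {
        String getOrder(String id);
        void deleteOrder(String id);
    }

    public static class OrderServiceImpl implements OrderService {
        public String getOrder(String id) { return "order-" + id; }
        public void deleteOrder(String id) { /* remove the order */ }
    }

    public static void main(String[] args) {
        // Authentication: the authorizing interceptor only decides on roles,
        // so something must first authenticate the caller and populate the
        // CXF SecurityContext. Here that is a JAAS login; "orders-login" is a
        // placeholder that must match an entry in your JAAS configuration.
        JAASLoginInterceptor authn = new JAASLoginInterceptor();
        authn.setContextName("orders-login");

        // Authorization: method name -> space-separated list of allowed roles.
        // Role names are constructed; they must match the roles that your
        // login module assigns to authenticated users.
        Map<String, String> methodRoles = new HashMap<>();
        methodRoles.put("getOrder", "ROLE_USER ROLE_ADMIN");
        methodRoles.put("deleteOrder", "ROLE_ADMIN"); // destructive call: admins only
        SimpleAuthorizingInterceptor authz = new SimpleAuthorizingInterceptor();
        authz.setMethodRolesMap(methodRoles);

        // Register both interceptors on the inbound chain of the endpoint.
        JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();
        factory.setServiceClass(OrderService.class);
        factory.setServiceBean(new OrderServiceImpl());
        factory.setAddress("http://localhost:9000/orders");
        factory.getInInterceptors().add(authn);
        factory.getInInterceptors().add(authz);
        factory.create();
    }
}
```

List every exposed operation in the map and verify with a low-privilege test account that `deleteOrder` is rejected, since how an operation missing from the map is treated depends on the interceptor's configuration and CXF version.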
