Hi
On 22/02/13 12:59, svasanta wrote:
Hi,
I am using CFX 2.6.3. Does CFX RESTfull web service support @RollsAllowed
annotation ?
What I am looking for is:
I want to annotate my rest method like @RollsAllowed({"admin"}). and
expectation is only users with admin role should be allowed to access the
method. Like this I want to have different role constraints for
methods/classes.
Is there any other way to do this, preferably using annotations ?
Sure, have a look at
http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_simple_security/WEB-INF/beans.xml
You can use either CXF interceptors or JAX-RS filters, the latter will
return 403 in case of authorization failures.
For example,
org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor will
analyze the injected bean for RolesAllowed by default - you can tell it
if other annotation needs to be checked (such as Spring @Secured)
Sergey
--
View this message in context:
http://cxf.547215.n5.nabble.com/Is-it-possible-to-use-RollsAllowed-annotation-in-CFX-RESTfull-tp5723575.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
