Hi,

I'm a newbie with the CXF framework and I'd like to make the best choice about security matters (authorization/authentication). Maybe more expert users can help me.

I need to develop JAX-WS (SOAP/HTTP) and JAX-RS (XML/JSON/HTTP) services, and I need to get the ID of the client that is calling the web service in order to load custom config files by client profile/role. Sometimes it will be the same implementation but a different protocol binding (I think the CXF framework allows this feature).

1) I would like to use a standard authentication/authorization model. I've seen WS-Security, but I think that it only works with SOAP messages. Am I wrong? Could it be used with REST clients/services?

2) The other choice is to use HTTP authentication. For example, I could use the Realm mechanism implemented by Tomcat to authenticate users. That is supported by SOAP/HTTP and REST/JSON/HTTP clients. Could I retrieve the client ID (Principal) from WebServiceContext with HTTP authentication? Do I need to get the HTTPRequest to get the client ID?

3) As I told you, I want to load custom config files by the profile/role of the client calling a service. Could I implement this with an interceptor, so that this interceptor updates the 'service call' with custom values? What is the best way to face this issue? I want to perform something like Filters (Servlet) and update the request context with custom info by client/user/role.

Thanks

Best regards
