I would like to have a webservice designed using Apache CXF incorporating the authorization (method-level) with Java (along with database). Say for instance, an implemnation class A has two methods getData and addData. I would like to allow one set of role to access getData and other to access the addData method. What I need there is, one user passes the userid/service id from Client, the webservice authenticates the user and then when the method is invoked, based on the roles allowed the method should be either accessible or not. I would like to get these roles details from the database based on the logged-in-user. Can JAAS be used in this context? however I need the details for the roles from DB alone as there may be may 100s of method and having the @RolesAllowed specified in each method becomes cumbersome and unmanagable. Have googled through all the relevant topics ,haven't found any good solution for this.Please suggest me something on this.
-- View this message in context: http://cxf.547215.n5.nabble.com/SOAP-Webservices-Authorization-with-Java-using-Apache-CXF-tp5734142.html Sent from the cxf-user mailing list archive at Nabble.com.
