Hi,
I want to use Spring-Security to protect a bunch of JAX-RS endpoints in
a couple of different (independent) applications.
One of the applications will start off using basic auth and will
probably never progress beyond that, so I could use CXF interceptors to
handle the auth.
The other application will use CAS, and I'm not aware of any CXF
interceptors that handle that.
Hence the desire to use Spring-Security.
My problem is that I want to be able to have maven run integration tests
that validate the method level security on each build (and preferably in
the same test cases that test other aspects of the REST interface).
Previously I have just carried out my testing by having CXF construct a
localhost endpoint, but this means that spring knows nothing about the
network side of the tests and thus spring-security isn't used.
Is it possible to introduce the Spring-Security filters into the jetty
instance created by CXF?
If not, is it possible to have a Spring JUnit testcase created as a
(real, not mock) servlet container so that CXF can use a relative address?
Another thought was to find a way to have the CXF WebClient use a Spring
mock endpoint, but I have even less idea about how to do that.
Any ideas?
Thanks
Jim
