Hi
On 14/01/14 13:22, blacar wrote:
Hi Sergey,
I've created a custom annotation. My intention is to use it as
@Secured("admin"). I've configured it as you told and I can see it defined
at runtime as annotationClassName attribute ... so, Thanks!
    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    @Inherited
    @Documented
    public @interface Secured {
        public String[] value();
    }
However I am still missing something. :P
I see interceptor is called, target method is correct but getExpectedRoles
returns empty list, so authorization is always granted; and this is (I
guess) because methodRolesMap is empty and I think it shouldn't ... but I
don't know what's the missing piece.
This is what i added to my application context:
    <bean id="authorizationFilter"
          class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
        <property name="interceptor" ref="authorizationInterceptor"/>
    </bean>
    <bean id="authorizationInterceptor"
          class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
        <property name="securedObject" ref="serviceImpl" />
        <property name="annotationClassName"
                  value="com.blacar.apps.spike.cxf.jaxrs.Secured" />
    </bean>
where serviceImpl is my JAX-RS annotated class with a method holding the
@Secured("admin")
I suspect it is to do with the ordering of properties. At the moment,
when a securedObject property is set, it is checked immediately. It
will need to be fixed so that the ordering does not make a difference, but for
now please set the annotationClassName first and it will work.
Cheers, Sergey
Cheers,
--
View this message in context:
http://cxf.547215.n5.nabble.com/SecureAnnotationsInterceptor-using-non-default-annotation-tp5738528p5738541.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
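
The ordering effect described in the reply above, as an added example that is not part of the original thread and is not CXF's own code. It is a simplified model: ModelInterceptor, Service and SetterOrderDemo are hypothetical names, and the default annotation name in the model is an assumption. When securedObject is set first, the scan runs with the default name and methodRolesMap stays empty, which is the state the question reports as authorization always being granted.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class SetterOrderDemo {
    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Secured { String[] value(); }

    // Hypothetical service standing in for the serviceImpl bean.
    static class Service {
        @Secured("admin") public void delete() { }
    }

    // Simplified model of the behaviour described in the thread: roles are
    // collected the moment securedObject is set, using whatever annotation
    // class name is configured at that instant.
    static class ModelInterceptor {
        // Assumed default for this model.
        private String annotationClassName = "javax.annotation.security.RolesAllowed";
        final Map<String, List<String>> methodRolesMap = new HashMap<>();

        void setAnnotationClassName(String name) { annotationClassName = name; }

        void setSecuredObject(Object o) throws Exception {
            for (Method m : o.getClass().getDeclaredMethods()) {
                for (Annotation a : m.getAnnotations()) {
                    if (a.annotationType().getName().equals(annotationClassName)) {
                        String[] roles = (String[]) a.annotationType()
                                .getMethod("value").invoke(a);
                        methodRolesMap.put(m.getName(), Arrays.asList(roles));
                    }
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Secured.class.getName();

        ModelInterceptor wrongOrder = new ModelInterceptor();
        wrongOrder.setSecuredObject(new Service());  // scanned with the default name
        wrongOrder.setAnnotationClassName(name);     // too late, the map is already built
        System.out.println("securedObject first: " + wrongOrder.methodRolesMap);

        ModelInterceptor rightOrder = new ModelInterceptor();
        rightOrder.setAnnotationClassName(name);     // configure the annotation first
        rightOrder.setSecuredObject(new Service());
        System.out.println("annotationClassName first: " + rightOrder.methodRolesMap);
    }
}
```

In the Spring context from the question, the equivalent change is to list the annotationClassName property before securedObject in the authorizationInterceptor bean.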