Just curious: what is Interceptors package? shouldn't it be @org.apache.cxf.interceptor.InInterceptors?
you can also configure it in openejb-jar.xml through cxf.jaxrs.in-interceptors = org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor Romain Manni-Bucau @rmannibucau http://www.tomitribe.com http://rmannibucau.wordpress.com https://github.com/rmannibucau 2015-01-16 11:24 GMT+01:00 SKR <[email protected]>: > Hi > > Sorry for intercepting here ;) but I'd like to take your thread about the > SecureAnnotationsInterceptor. > > If I got it right, it should be possible to use @RolesAllowed annotation on > a JAX-RS service method (Not Ejb!), if using CXF's > SecureAnnotationsInterceptor. Is this correct? > > I prepared a small service that does not like to run because the > SecureAnnotationsInterceptor is never called. > > Application Class: > @javax.ws.rs.ApplicationPath("/test") > @Interceptors(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor.class) > public class DeviceService extends Application { > > @Override > public Set<Class<?>> getClasses() { > Set<Class<?>> s = new HashSet<Class<?>>(); > s.add(MyServiceClass.class); > return s; > } > } > > Service Class: > import javax.annotation.security.RolesAllowed; > import javax.ws.rs.GET; > > @GET > @RolesAllowed("myRole") > public String getTest() { > return "TEST" > } > > I deployed it on tomEE 1.7.1-plus. > > In fact everyone can invoke the service. The SecureAnnotationsInterceptor > class gets not even loaded! > > I tried to follow the CXF reference on > http://cxf.apache.org/docs/secure-jax-rs-services.html. > Instead of > @Interceptors(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor.class) > I tried to register the Interceptor in a cxf-servlet.xml file, that I placed > directly in WEB-INF/. > > <?xml version="1.0" encoding="UTF-8"?> > > <beans xmlns="http://www.springframework.org/schema/beans"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:jaxrs="http://cxf.apache.org/jaxrs"; > xsi:schemaLocation="http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd > http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd";> > > <bean id="secureBean" class="MyServiceClass"/> > > <bean id="authorizationInterceptor" > > class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor"> > <property name="securedObject" ref="secureBean"/> > </bean> > > <jaxrs:server address="/test"> > <jaxrs:providers> > <ref bean="authorizationInterceptor" /> > </jaxrs:providers> > </jaxrs:server> > > </beans> > > The result is the same. The interceptor class gets not even loaded :( > > I tried to follow you advice not losing too much time on it ;) I failed. > Do you have some suggestions? > > Thanks! > > > > > -- > View this message in context: > http://tomee-openejb.979440.n4.nabble.com/TomEE2-JAXRS-Security-Context-tp4672828p4673407.html > Sent from the TomEE Users mailing list archive at Nabble.com.
