Reputation: 75117
How to Enable Spring Security for Apache-CXF JAX-WS
How can I enable Spring Security for apache JAX-WS at Apache-CXF? Examples at web includes Jax-RS examples but I don't use Jax-RS. I don't want to use cxf's security. How can implement it at my code?
Upvotes: 5
Views: 11351
Answers (1)
Reputation: 24040
Two potential ways:
Put a BasicAuthenticationFilter or DigestAuthenticationFilter in front of your CXF Servlet.
Use a WS-Security UsernamePasswordToken with CXF and write a CallbackHandler that a) creates a UsernamePasswordAuthenticationToken, b) calls authenticationManager.authenticate() and c) stores the authentication in the SecurityContextHolder.
Note that the above doesn't cover the concept of logout since login sessions are generally implemented with cookies and the above are stateless approaches. If you really need logout then you should consider using OAuth because you can implement logout by invalidating access tokens.
Upvotes: 9
Related Questions
- Apache CXF Policy Exception (WS Security)- Security configuration could not be detected
- Apache CXF authentication + spring security
- Having Trouble Configuring Spring Security
- Spring Boot/Security/Apache CXF SOAP service access restriction
- how to add security header in jax-ws request
- WS-Security not working with CXF
- Apache CXF and WS-Security - Password Callback
- Apache CXF - JAX-RS Security
- How to prevent CXF secured webservices access from browser
- Implementing Security for Java Web Services with Spring and Apache CXF