Rob
Reputation: 703
Securing apache CXF REST and SOAP services and retrieving authorities in code
I have followed the article here http://chrisdail.com/2008/08/13/http-basic-authentication-with-apache-cxf-revisited/
I now have a working interceptor for my soap service that wont let the services be used without the username and password.
I have a couple of questions though:
How can I, in a different package in my business logic, access the authorisation object to find out who is logged in and their roles?
How can I attached the same system to a rest service, is it possible or do I need to do it separatley?
Cheeers, Rob
Upvotes: 0
Views: 408
Answers (1)
Daniel Kulp
Reputation: 14607
From within the service, you can do something like:
PhaseInterceptorChain.getCurrentMessage().get(AuthorizationPolicy.class);
to get the AuthorizationPolicy and use that for whatever actions you need.
Upvotes: 2
Related Questions
- How to secure a SOAP web service with WSS with CXF
- Apache CXF authentication + spring security
- How to Enable Spring Security for Apache-CXF JAX-WS
- Spring Boot/Security/Apache CXF SOAP service access restriction
- Apache CXF: How to secure JAX-RS web service with basic authentication
- how to secure apache cxf webservice(jax-ws) using oAuth 2.0
- Apache CXF - JAX-RS Security
- How to prevent CXF secured webservices access from browser
- Implementing Security for Java Web Services with Spring and Apache CXF
- Securing Web Service communication with SSL using CXF