You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Alp Timurhan Çevik <at...@promed.com.tr> on 2011/03/21 09:39:33 UTC

Security

Hello,

 

We are working on a Project that relies on several web service calls. We have some credential information within web service calls, which are not within header & we are not using ws-i security, using just custom fields for username/password pairs.

 

Currently we are using custom code to check for authentication/authorization and would like to use some security related Project, which would enable us to authorize based on roles and also we will be needing to integrate to several ldap servers & database in the future, thus current implementation is not adequate. Currently a web application is also present, which is using spring security.

 

All spring security examples I have been able to reach are for mostly web applications, that deal with sessions and login pages.

 

 

Thus, the question is, which framework to use (if using anything is possible and/or meaningful) for security ? I have seen JAAS based filters on cxf site.

 

Regards,

Alp

Re: Security

Posted by Daniel Kulp <dk...@apache.org>.

Andreas has some interesting stuff in:
http://svn.apache.org/repos/asf/cxf/sandbox/veithen/cxf-spring-security/

that integrates some Spring security things with CXF.  I'm not sure if that's 
closer to what you want, but if you already have Spring security, that may be 
something to look at.

Dan



On Monday 21 March 2011 4:39:33 AM Alp Timurhan Çevik wrote:
> Hello,
> 
> 
> 
> We are working on a Project that relies on several web service calls. We
> have some credential information within web service calls, which are not
> within header & we are not using ws-i security, using just custom fields
> for username/password pairs.
> 
> 
> 
> Currently we are using custom code to check for
> authentication/authorization and would like to use some security related
> Project, which would enable us to authorize based on roles and also we
> will be needing to integrate to several ldap servers & database in the
> future, thus current implementation is not adequate. Currently a web
> application is also present, which is using spring security.
> 
> 
> 
> All spring security examples I have been able to reach are for mostly web
> applications, that deal with sessions and login pages.
> 
> 
> 
> 
> 
> Thus, the question is, which framework to use (if using anything is
> possible and/or meaningful) for security ? I have seen JAAS based filters
> on cxf site.
> 
> 
> 
> Regards,
> 
> Alp

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com