Versions Compared

Old Version 1

changes.mady.by.user Sergey Beryozkin

Saved on

compared with

New Version 2

changes.mady.by.user Sergey Beryozkin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
{span:style=font-size:2em;font-weight:bold} Securing CXF Services {span}

{toc}

h1. Secure transports

h2. HTTPS

Please see the [Configuring SSL Support|http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html] page for more information.

h1. WS-* Security

Please see the [WS-* Support|http://cxf.apache.org/docs/ws-support.html] page for more information.

h1. Authentication
 
Container or Spring Security managed authentication as well as the custom authentication are all the viable options used by CXF developers.

Starting from CXF 2.3.2 and 2.4.0 it is possible to use an org.apache.cxf.interceptor.security.JAASLoginInterceptor in order to authenticate a current user and populate a CXF SecurityContext.

h1. Authorization

Container or Spring Security managed authorization as well as the custom authorization are all the viable options used by CXF developers.

CXF 2.3.2 and 2.4.0 introduce org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor and org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor interceptors which can help with enforcing the authorization rules.