You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Unknown macro: {span}

Securing CXF Services

Secure transports

HTTPS

Please see the Configuring SSL Support page for more information.

WS-* Security

Please see the WS-* Support page for more information.

Authentication

Container or Spring Security managed authentication as well as the custom authentication are all the viable options used by CXF developers.

Starting from CXF 2.3.2 and 2.4.0 it is possible to use an org.apache.cxf.interceptor.security.JAASLoginInterceptor in order to authenticate a current user and populate a CXF SecurityContext.

Authorization

Container or Spring Security managed authorization as well as the custom authorization are all the viable options used by CXF developers.

CXF 2.3.2 and 2.4.0 introduce org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor and org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor interceptors which can help with enforcing the authorization rules.

  • No labels