tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SKR <>
Subject Re: TomEE2 JAXRS Security Context
Date Fri, 16 Jan 2015 10:24:36 GMT

Sorry for intercepting here ;) but I'd like to take your thread about the

If I got it right, it should be possible to use @RolesAllowed annotation on
a JAX-RS service method (Not Ejb!), if using CXF's
SecureAnnotationsInterceptor. Is this correct?

I prepared a small service that does not like to run because the
SecureAnnotationsInterceptor is never called.

Application Class:"/test")
public class DeviceService extends Application {

	public Set<Class&lt;?>> getClasses() {
		Set<Class&lt;?>> s = new HashSet<Class&lt;?>>();
		return s;

Service Class:

public String getTest() {
  return "TEST"

I deployed it on tomEE 1.7.1-plus.

In fact everyone can invoke the service. The SecureAnnotationsInterceptor
class gets not even loaded!

I tried to follow the CXF reference on
Instead of
I tried to register the Interceptor in a cxf-servlet.xml file, that I placed
directly in WEB-INF/.

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns=""

  <bean id="secureBean" class="MyServiceClass"/>
  <bean id="authorizationInterceptor"  
       <property name="securedObject" ref="secureBean"/>

  <jaxrs:server address="/test">
      <ref bean="authorizationInterceptor" />


The result is the same. The interceptor class gets not even loaded :(

I tried to follow you advice not losing too much time on it ;) I failed. 
Do you have some suggestions?


View this message in context:
Sent from the TomEE Users mailing list archive at

View raw message