tomee-users mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: TomEE2 JAXRS Security Context
Date Fri, 16 Jan 2015 10:31:38 GMT
Just curious: what is the Interceptors package? Shouldn't it be
@org.apache.cxf.interceptor.InInterceptors?

You can also configure it in openejb-jar.xml through
cxf.jaxrs.in-interceptors =
org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2015-01-16 11:24 GMT+01:00 SKR <kras@cosma-consult.de>:
> Hi
>
> Sorry for intercepting here ;) but I'd like to take your thread about the
> SecureAnnotationsInterceptor.
>
> If I got it right, it should be possible to use @RolesAllowed annotation on
> a JAX-RS service method (Not Ejb!), if using CXF's
> SecureAnnotationsInterceptor. Is this correct?
>
> I prepared a small service that does not like to run because the
> SecureAnnotationsInterceptor is never called.
>
> Application Class:
> @javax.ws.rs.ApplicationPath("/test")
> @Interceptors(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor.class)
> public class DeviceService extends Application {
>
>         @Override
>         public Set<Class<?>> getClasses() {
>                 Set<Class<?>> s = new HashSet<Class<?>>();
>                 s.add(MyServiceClass.class);
>                 return s;
>         }
> }
>
> Service Class:
> import javax.annotation.security.RolesAllowed;
> import javax.ws.rs.GET;
>
> @GET
> @RolesAllowed("myRole")
> public String getTest() {
>   return "TEST";
> }
>
> I deployed it on TomEE 1.7.1-plus.
>
> In fact everyone can invoke the service. The SecureAnnotationsInterceptor
> class does not even get loaded!
>
> I tried to follow the CXF reference on
> http://cxf.apache.org/docs/secure-jax-rs-services.html.
> Instead of
> @Interceptors(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor.class)
> I tried to register the Interceptor in a cxf-servlet.xml file, that I placed
> directly in WEB-INF/.
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxrs="http://cxf.apache.org/jaxrs"
>         xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>      http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
>
>   <bean id="secureBean" class="MyServiceClass"/>
>
>   <bean id="authorizationInterceptor"
>         class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
>        <property name="securedObject" ref="secureBean"/>
>   </bean>
>
>   <jaxrs:server address="/test">
>     <jaxrs:providers>
>       <ref bean="authorizationInterceptor" />
>     </jaxrs:providers>
>   </jaxrs:server>
>
> </beans>
>
> The result is the same. The interceptor class does not even get loaded :(
>
> I tried to follow your advice of not losing too much time on it ;) I failed.
> Do you have some suggestions?
>
> Thanks!
>
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE2-JAXRS-Security-Context-tp4672828p4673407.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
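
Where the property named in the reply would go, as an added example that is not part of the original messages. The file location (`WEB-INF/openejb-jar.xml`), the namespace and the `jaxrs-application` deployment name are assumptions based on TomEE's convention for `cxf.jaxrs.*` properties, not details given in this thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: WEB-INF/openejb-jar.xml of the web application. -->
<openejb-jar xmlns="http://www.openejb.org/openejb-jar/1.1">
  <!-- "jaxrs-application" is assumed to address the JAX-RS deployment as a
       whole; the thread does not say which class-name to use. -->
  <pojo-deployment class-name="jaxrs-application">
    <properties>
      # Property and value exactly as given in the reply above.
      cxf.jaxrs.in-interceptors = org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor

      # The Spring configuration quoted above also sets "securedObject" on the
      # interceptor so it knows which class carries @RolesAllowed. How to set
      # that property through this file is not covered in the thread, so verify
      # that an unauthenticated request to the @RolesAllowed method is rejected
      # before relying on this configuration.
    </properties>
  </pojo-deployment>
</openejb-jar>
```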
