tags:

views:

167

answers:

2
+1  Q: 

How do you secure Apache CXF RESTful APIs?

Is there an easy way to secure RESTful API exposed via Apache CXF's JAX-RS implementation? Are there any hooks for security via Spring Security?.

I heard of people using Basic Authentication over HTTPS, but I haven't seen any actual examples. Any ideas would be greatly appreciated.

Thanks!

A: 

see http://chrisdail.com/2008/08/13/http-basic-authentication-with-apache-cxf-revisited/

scott miller  2010-06-25 20:27:21
A: 

Don't know about CXF, but in Resteasy you can configure it as you would for any other web application, and then do..

@Context private SecurityContext sc;

Which allows you to check things such as sc.isUserInRole("admin");. CXF may provide the same functionality.

Robert Wilson  2010-07-12 10:31:22

related questions

CXF maven plugin generate classes in wrong directory
How can I cache the marshalled SOAP XML generated by Apache CXF for a particular Java Object to improve performance?
Is javax.xml.soap better then apache cxf?
How to keep Apache CXF from converting primatives to object types?
Get reference to spring bean from @WebService
How to write a CXF client with implicit security header.
What can I use to create a REST client in Java?
Is there a way in CXF to disable the SoapCompressed header for debugging purposes?
CXF IllegalAnnotationException related to no-arg StackTraceElement constructor
CXF & SSL: Timeout Troubles
Setting the default SocketFactory
How can I extend Java code generated by JAXB, CXF or Hibernate tools?
How do I consume a web service protected with HTTP basic authentication using the CXF framework?
CXF without Spring
Locale instance in web service
CXF dynamic client API - getUnwrapperOperation, getWrappedOperation
content not allowed in prolog exception
CXF generated web service client
What is the best way to expose a WCF service so that it can be easily consumed from Java/CXF?
How do you use TLS/SSL Http Authentication with a CXF client to a web service?
WSDL2Java for overloaded methods ?
JAXB XmlID and XmlIDREF annotations (Schema to Java)
Which framework is better CXF or Spring-WS?
Can a web service return a stream?
Detecting Client Disconnects in Web Services