6 Replies Latest reply on May 15, 2017 5:23 AM by vrlgohel

Securing CXF Restful Web Service With Apache Shiro

keller13 Jun 26, 2013 11:53 AM

I'd like to secure a CXF Restful Web Service with Apache Shiro. Is there a CXF interceptor or filter that can be used?

I use blueprint.xml for the configuration of the service:

<jaxrs:server id="restService" address="/rest">

<jaxrs:serviceBeans>

</jaxrs:serviceBeans>

</jaxrs:server>

As the Web Service is not running in a Servlet server, we cannot use "normal" Servlet filters. I also have seen that there is Shiro Camel modul.

Is this the recommended way to secure a Restful Web Service?

We would like to use Apache Shiro as it allows a fine granular autorisation using Java annotations. If there isn't any support for CXF by Shiro,

is there a better alternative?

Thanks, Peter

1. Re: Securing CXF Restful Web Service With Apache Shiro

ffang Jun 26, 2013 9:12 PM (in response to keller13)

Hi,

Just FYI, if you use war which have cxf endpoint and Shiro servlet filters, you can still deploy that war into JBoss FUSE 6, as JBoss FUSE 6
leverage Pax Web, so can play the role as a servlet container, though you may need do a little bit extra work to OSGi-fy your war,
take a look at [1] & [2] to get more details.

[1]https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Deploying_into_the_Container/files/PartWar.html
[2]https://ops4j1.jira.com/wiki/display/ops4j/Pax+Web+Extender+-+War+-+OSGi-fy

Freeman
Actions
2. Re: Securing CXF Restful Web Service With Apache Shiro

keller13 Jun 28, 2013 11:36 AM (in response to ffang)

Thanks. It would be nice if there is a more slim solution without the need of packaging everything to a war. Are there no plans of writing a Shiro CXF interceptor? Peter
Actions
3. Re: Securing CXF Restful Web Service With Apache Shiro

blacar Dec 18, 2013 3:05 AM (in response to keller13)

Hi Peter,

I'll really would like to reopen your question since i am interested in using shiro + CXF but i do not build a war and do not use any application server.

I know that is possible to add custom CXF interceptors and filters and maybe this would be the solution

Did you found any other solution to this?

Best regards,
Actions
4. Re: Securing CXF Restful Web Service With Apache Shiro

pires Feb 18, 2014 8:20 AM (in response to blacar)

+1
Actions
5. Re: Securing CXF Restful Web Service With Apache Shiro

imranrazakhankhetran May 14, 2017 1:16 AM (in response to blacar)

Hi,

Do you guys found any solution for Securing CXF restful with Apache Shiro.

Regards
Actions
6. Re: Securing CXF Restful Web Service With Apache Shiro

vrlgohel May 15, 2017 5:23 AM (in response to imranrazakhankhetran)

You can check this example, https://github.com/coheigea/testcases/tree/master/apache/cxf/cxf-shiro
Actions

Go to original post