6 Replies Latest reply on May 15, 2017 5:23 AM by vrlgohel

    Securing CXF Restful Web Service With Apache Shiro


      I'd like to secure a CXF Restful Web Service with Apache Shiro. Is there a CXF interceptor or filter that can be used?


      I use blueprint.xml for the configuration of the service:


      <jaxrs:server id="restService" address="/rest">


                  <ref component-id="caseWs" />




      <bean id="caseWs" class="ch.deimos.soe.ws.service.CaseWebService" />


      As the Web Service is not running in a Servlet server, we cannot use "normal" Servlet filters. I also have seen that there is Shiro Camel modul.

      Is this the recommended way to secure a Restful Web Service?


      We would like to use Apache Shiro as it allows a fine granular autorisation using Java annotations. If there isn't any support for CXF by Shiro,

      is there a better alternative?


      Thanks, Peter