6 Replies Latest reply on May 15, 2017 5:23 AM by Viral Gohel

    Securing CXF Restful Web Service With Apache Shiro

    Peter Keller Newbie

      I'd like to secure a CXF Restful Web Service with Apache Shiro. Is there a CXF interceptor or filter that can be used?

       

      I use blueprint.xml for the configuration of the service:

       

      <jaxrs:server id="restService" address="/rest">

              <jaxrs:serviceBeans>

                  <ref component-id="caseWs" />

              </jaxrs:serviceBeans> 

      </jaxrs:server>

       

      <bean id="caseWs" class="ch.deimos.soe.ws.service.CaseWebService" />

       

      As the Web Service is not running in a Servlet server, we cannot use "normal" Servlet filters. I also have seen that there is Shiro Camel modul.

      Is this the recommended way to secure a Restful Web Service?

       

      We would like to use Apache Shiro as it allows a fine granular autorisation using Java annotations. If there isn't any support for CXF by Shiro,

      is there a better alternative?

       

      Thanks, Peter