2 Replies Latest reply on Aug 28, 2011 10:47 PM by Vanessa Towers

    Secure RESTful web servicse in Fuse ESB

    Vanessa Towers Newbie

      Background: I have been following the Fuse ESB Security documentation. So far I have enabled LDAP Authentication in the OSGi container (following Fuse ESB tutorial). I have also completed the Fuse ESB tutorial on enabling LDAP authentication for deployed brokers (which also uses the OSGi container JAAS realm). All good.


      I am now trying to figure out if I can use the same OSGi container JAAS realm which is configured to authenticate against LDAP, to secure RESTful web services deployed as OSGi bundles in Fuse ESB. The "Secure Apache CXF Web Services with SSL TLS and WS-Security" webinar touches on how to achieve this for SOAP based web services using interceptors/callback handler approach but does not seem to cover CXF RESTful web services (I believe because there is no ws-security in this case?).


      What is best practise for securing CXF RESTful web services by plugging them into the OSGi container JAAS realm? Or if that is not the done thing should I be securing them at the web service level - using Spring Security or something like that?


      Guidance greatly appreciated from the Fuse team (or community) on how to proceed. Thanks in advance.