Announcement Announcement Module
No announcement yet.
Secure and Open Methods - How? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Secure and Open Methods - How?

    I have created as Spring web service, and I want there to be both secure (authenticated) and open methods, but I am not sure how to do this using WS-Security. Both interceptors seem to place the authn/authz boundaries around the entire web service. I could easily do this with my own login() and logout() methods in combination with JAAS, but I was hoping that I could achieve this in some declarative manner. I would think that authorization requirements would force the ability to have open methods since multiple roles would necessitate method/message-level security.

    Am I missing something?


  • #2
    XWS-Security's Operation Elements

    XWS allows for operation-level security, but since the Spring implementation of it requires that the SecurityConfiguration element be the root of the policy file, I don't see how to make use of the operation-level security since the Operation element is not a child of the SecurityConfiguration element.