如何为Apache-CXF JAX-WS启用Spring Security [英] How to Enable Spring Security for Apache-CXF JAX-WS
问题描述
如何在Apache-CXF上为apache JAX-WS启用Spring Security? Web上的示例包括Jax-RS示例,但我不使用Jax-RS。我不想使用cxf的安全性。如何在我的代码中实现它?
How can I enable Spring Security for apache JAX-WS at Apache-CXF? Examples at web includes Jax-RS examples but I don't use Jax-RS. I don't want to use cxf's security. How can implement it at my code?
推荐答案
两种可能的方式:
对CXF使用WS-Security UsernamePasswordToken 并编写一个CallbackHandler,a)创建UsernamePasswordAuthenticationToken,b)调用authenticationManager.authenticate()和c)将身份验证存储在SecurityContextHolder中。
Use a WS-Security UsernamePasswordToken with CXF and write a CallbackHandler that a) creates a UsernamePasswordAuthenticationToken, b) calls authenticationManager.authenticate() and c) stores the authentication in the SecurityContextHolder.
请注意,上述内容不包括注销的概念,因为登录会话通常使用cookie实现,以上是无状态方法。如果您真的需要注销,那么您应该考虑使用OAuth,因为您可以通过使访问令牌无效来实现注销。
Note that the above doesn't cover the concept of logout since login sessions are generally implemented with cookies and the above are stateless approaches. If you really need logout then you should consider using OAuth because you can implement logout by invalidating access tokens.
这篇关于如何为Apache-CXF JAX-WS启用Spring Security的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
