Java: How to Enable Spring Security for Apache-CXF JAX-WS
Original source: http://stackoverflow.com/questions/10975070/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow
How to Enable Spring Security for Apache-CXF JAX-WS
Asked by kamaci
How can I enable Spring Security for Apache JAX-WS in Apache-CXF? Examples on the web include JAX-RS examples, but I don't use JAX-RS. I don't want to use CXF's security. How can I implement it in my code?
Answered by sourcedelica
Two potential ways:
1. Put a BasicAuthenticationFilter or DigestAuthenticationFilter in front of your CXF Servlet.
2. Use a WS-Security UsernamePasswordToken with CXF and write a CallbackHandler that a) creates a UsernamePasswordAuthenticationToken, b) calls authenticationManager.authenticate() and c) stores the authentication in the SecurityContextHolder.
Note that the above doesn't cover the concept of logout since login sessions are generally implemented with cookies and the above are stateless approaches. If you really need logout then you should consider using OAuth because you can implement logout by invalidating access tokens.
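The three steps from option 2, as an added example that is not part of the original answer. It assumes WSS4J 2.x, where the password callback no longer receives the client's plaintext password, so the steps are placed in a `UsernameTokenValidator` subclass rather than a `CallbackHandler`; the class name is hypothetical.

```java
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.validate.UsernameTokenValidator;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical class: bridges a WS-Security UsernameToken to Spring Security.
public class SpringSecurityUsernameTokenValidator extends UsernameTokenValidator {
    private final AuthenticationManager authenticationManager;

    public SpringSecurityUsernameTokenValidator(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override
    protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data)
            throws WSSecurityException {
        // a) wrap the credentials from the SOAP header in an unauthenticated token
        Authentication request = new UsernamePasswordAuthenticationToken(
                usernameToken.getName(), usernameToken.getPassword());
        try {
            // b) let the configured AuthenticationManager check them
            Authentication result = authenticationManager.authenticate(request);
            // c) publish the result for @Secured / @PreAuthorize checks on this thread.
            // The context is thread-local and must be cleared when the request ends.
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(result);
            SecurityContextHolder.setContext(context);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
    }

    @Override
    protected void verifyDigestPassword(UsernameToken usernameToken, RequestData data)
            throws WSSecurityException {
        // A digest cannot be handed to AuthenticationManager as a password, so only
        // PasswordText is accepted here; that requires TLS on the endpoint.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
}
```

Register the validator on the endpoint through CXF's `ws-security.ut.validator` property.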