May 7th, 2011, 08:51 AM
Secure and Open Methods - How?
I have created as Spring web service, and I want there to be both secure (authenticated) and open methods, but I am not sure how to do this using WS-Security. Both interceptors seem to place the authn/authz boundaries around the entire web service. I could easily do this with my own login() and logout() methods in combination with JAAS, but I was hoping that I could achieve this in some declarative manner. I would think that authorization requirements would force the ability to have open methods since multiple roles would necessitate method/message-level security.
Am I missing something?
May 7th, 2011, 11:19 AM
XWS-Security's Operation Elements
XWS allows for operation-level security, but since the Spring implementation of it requires that the SecurityConfiguration element be the root of the policy file, I don't see how to make use of the operation-level security since the Operation element is not a child of the SecurityConfiguration element.