I want to transform an existing XML-based webservice to a REST webservice. While the services are working already, I'm struggling with implementing the security.
In the former implementation, we used interceptors like this (file ws-server-context.xml
):
<jaxws:endpoint id="someService" implementor="..." address="/..." >
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackRef" value-ref="sessionService" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
Whenever the address of this endpoint is called, the method handle(Callback[] callbacks)
of the bean sessionService
is invoked, which checks for proper credentials (username + token). This bean implements the interface CallbackHandler
.
How can this approach be implemented in JAX-RS? The endpoints are defined at the webservice classes themself (@Path
), so do I need to use any annotations there? How do I register the interceptors?
Thanks for your help!
Instead of the interceptor, you can declare a filter in your web.xml -
This class will be called before your JAX-RS implementation.
You can refer to the
callBackHandler
from within the filter class.