distribution/src/main/release/samples/jax_rs/spring_security/README.txt - cxf - Git at Google

 JAX-RS Spring Security Demo
 ===========================

 The demo shows how to use Spring Security to secure a JAXRS-based RESTful service.

 Two approaches toward securing a service are shown :
 - using Spring Security @Secured annotations
 - using AspectJ pointcut expressions

 Additionally, JAXRS annotations inheritance is demonstrated, from both interface
 and abstract class definitions.


 Building and running the demo using Maven
 -----------------------------------------

 From the base directory of this sample (i.e., where this README file is
 located), the maven pom.xml file can be used to build and run the demo.

 Using either UNIX or Windows:

   mvn clean install
   mvn -Pserver  (from one command line window)
   mvn -Pclient  (from a second command line window)

 To remove the target directory, run "mvn clean".


 What happens when the demo is run
 ---------------------------------

 The demo web application located in a webapp folder is configured for two users, Fred and Bob,
 to be able to access various methods of a customer service bean.

 Fred is in both ROLE_CUSTOMER and ROLE_ADMIN roles, while Bob is in the ROLE_CUSTOMER role only.
 After the server starts, the client is run and it's shown that Fred can access all the methods
 while Bob can access only those which ROLE_CUSTOMER users are permitted to.

 By default, the demo is configured to use AspectJ pointcut expressions to apply ACL rules to a service bean.
 Please see src/main/webapp/WEB-INF/beans.xml as well as src/demo/jaxrs/service.

 demo.jaxrs.service.CustomerServiceImpl bean implements the CustomerService interface. AspectJ
 expressions are applied to interface methods. Note neither CustomerService interface nor
 its CustomerServiceImpl implementation have security-specific annotations. CustomerService
 interface does have JAXRS annotations which are inherited by the service bean.

 To see the @Secured annotations in action, please uncomment

 <bean id="customerservice" class="demo.jaxrs.service.CustomerServiceSecuredImpl"/>

 and comment the one used by default:

 <bean id="customerservice" class="demo.jaxrs.service.CustomerServiceImpl"/>

 Note this time @Secured annotations are coming from a CustomerServiceSecured interface,
 while JAXRS annotations are inherited from AbstractCustomerServiceSecured class. Also
 the secure annotations have to be explictly enabled in the configuration:

 <security:global-method-security secured-annotations="enabled"/>

 Basic authentication is used to provide user credentials to a service.
 For simplicity, the HTTPS protocol is avoided in this sample but should be used
 in production.
	JAX-RS Spring Security Demo
	===========================

	The demo shows how to use Spring Security to secure a JAXRS-based RESTful service.

	Two approaches toward securing a service are shown :
	- using Spring Security @Secured annotations
	- using AspectJ pointcut expressions

	Additionally, JAXRS annotations inheritance is demonstrated, from both interface
	and abstract class definitions.


	Building and running the demo using Maven
	-----------------------------------------

	From the base directory of this sample (i.e., where this README file is
	located), the maven pom.xml file can be used to build and run the demo.

	Using either UNIX or Windows:

	mvn clean install
	mvn -Pserver (from one command line window)
	mvn -Pclient (from a second command line window)

	To remove the target directory, run "mvn clean".


	What happens when the demo is run
	---------------------------------

	The demo web application located in a webapp folder is configured for two users, Fred and Bob,
	to be able to access various methods of a customer service bean.

	Fred is in both ROLE_CUSTOMER and ROLE_ADMIN roles, while Bob is in the ROLE_CUSTOMER role only.
	After the server starts, the client is run and it's shown that Fred can access all the methods
	while Bob can access only those which ROLE_CUSTOMER users are permitted to.

	By default, the demo is configured to use AspectJ pointcut expressions to apply ACL rules to a service bean.
	Please see src/main/webapp/WEB-INF/beans.xml as well as src/demo/jaxrs/service.

	demo.jaxrs.service.CustomerServiceImpl bean implements the CustomerService interface. AspectJ
	expressions are applied to interface methods. Note neither CustomerService interface nor
	its CustomerServiceImpl implementation have security-specific annotations. CustomerService
	interface does have JAXRS annotations which are inherited by the service bean.

	To see the @Secured annotations in action, please uncomment

	<bean id="customerservice" class="demo.jaxrs.service.CustomerServiceSecuredImpl"/>

	and comment the one used by default:

	<bean id="customerservice" class="demo.jaxrs.service.CustomerServiceImpl"/>

	Note this time @Secured annotations are coming from a CustomerServiceSecured interface,
	while JAXRS annotations are inherited from AbstractCustomerServiceSecured class. Also
	the secure annotations have to be explictly enabled in the configuration:

	<security:global-method-security secured-annotations="enabled"/>

	Basic authentication is used to provide user credentials to a service.
	For simplicity, the HTTPS protocol is avoided in this sample but should be used
	in production.