Wednesday, March 12, 2014

Apache CXF Authentication and Authorization test-cases

I've recently uploaded some test-cases to github that show different ways to authenticate and authorize a web services invocation using Apache CXF. Each project has the same two simple use-cases:
  • A JAX-WS request where the service requires a WS-Security UsernameToken over TLS.
  • A JAX-WS request where the service requires HTTP Basic Auth over TLS.
Each project has an "AuthenticationTest" that just illustrates some tests (including negative tests) for authentication, and then an "AuthorizationTest" that relies on authorizing the client based on roles that are retrieved as part of the authentication process somehow. The projects are as follows:
  • cxf-ldap: This project uses JAAS to authenticate a user via LDAP to a Apache Directory backend. The roles are also retrieved for the AuthorizationTest.
  • cxf-shiro: This project uses Apache Shiro for authentication and authorization.
  • cxf-spring-security: This project uses Spring Security for authentication and authorization.
  • cxf-syncope: This project uses the REST API of Apache Syncope for authenticating and authorizating users.
Feel free to download and play around with the projects.


  1. spring security sample it's not work with spring security 4

  2. I've updated the sample to use Spring Security 4.