I am using
java first appraoch to expose java interfaces as web service using Apache CXF JAX-WS implementation.
@WebService
interface MyInterface {
public void method1();
public void method2();
public void method3();
}
I have exposed all these methods in a single wsdl. Now here are my requirements
1)Autheticate all the clients which use this webservice(i need to talk to ldap)
2)Authorization- since i have exposed all methods in single wsdl, the clients may invoke other methods which are not meant to be invoked.
For Example Client1 should invoke only method1, client2 --> method2 and so on.
I am stuck in point 2. I have a solution where in we can write Apache CXF interceptors which will first authenticate the clients using ldap. I can have a mapping of client and methods it can invoke. If the client invokes a method which is not in the map, i will throw an error. Are there any ways of handling this scenario ? Can i push this mapping to ldap ? I will pass the operation name and the user credential to ldap, it should authenticate and authorize the clients . And yes i want to give the same wsdl to all clients which will have all the operations. I am not sure if WS-policy can come to my rescue.
Thanks in advance!!