CXF WS authentication and authorization

<?xml version="1.0" encoding="UTF-8"?>
<blueprint
    xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cxf="http://cxf.apache.org/blueprint/core"
    xmlns:camelcxf="http://camel.apache.org/schema/blueprint/cxf"
    xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
    xsi:schemaLocation="
        http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
        http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd http://camel.apache.org/schema/blueprint
        http://camel.apache.org/schema/blueprint/camel-blueprint.xsd http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0
        http://svn.apache.org/repos/asf/aries/trunk/blueprint/blueprint-cm/src/main/resources/org/apache/aries/blueprint/compendium/cm/blueprint-cm-1.1.0.xsd
        http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd">


    <bean id="authenticationInterceptor"
          class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
        <property name="contextName" value="karaf"/>
        <property name="roleClassifier" value="RolePrincipal"/>
        <property name="roleClassifierType" value="classname"/>
    </bean>

    <bean id="wsSecInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <argument>
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="passwordType" value="PasswordText"/>
            </map>
        </argument>
    </bean>

    <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
<!-- no wildcard support, names need to match exactly -->
<!--        <property name="methodRolesMap">
            <map>

                <entry key="method_1" value="ROLE_USER ROLE_ADMIN"/>
                <entry key="method_2" value="ROLE_ADMIN"/>
            </map>
        </property>-->
        <!-- its possible to define global roles that apply to all WSDL operations not listed above -->
        <property name="globalRoles" value="ROLE_WS_USER"/>
    </bean>

    <camelcxf:cxfEndpoint id="egovAddressEndpoint"
                          address="/egov/api/external/AddressService"
                          xmlns:addr="http://address.ws.egov.xxx.com/v1_0/ws"
                          serviceName="addr:eGovAddressService"
                          endpointName="addr:AddressServicePortBinding"
                          serviceClass="com.xxx.egov.ws.address.v1_0.ws.EGovAddressService">
        <!--        wsdlURL="classpath:com/xxx/egov/ws/address/v1_0/AddressService.wsdl"-->
        <camelcxf:properties>
            <entry key="dataFormat" value="PAYLOAD" />
<!-- maybe one of these is enough, I put both directives to be sure.
    The intention is not to provide a password callback, but let the CXF
    use an underlaying security context to authenticate and authorize users -->
            <entry key="ws-security.ut.no-callbacks" value="true"/>
            <entry key="ws-security.validate.token" value="false"/>
        </camelcxf:properties>
        <camelcxf:outInterceptors>
            <!--<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>-->
        </camelcxf:outInterceptors>
        <camelcxf:inInterceptors>
            <!--<bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>-->
            <ref component-id="wsSecInterceptor" />
            <ref component-id="authenticationInterceptor"/>
            <ref component-id="authorizationInterceptor" />
        </camelcxf:inInterceptors>
    </camelcxf:cxfEndpoint>

    <camelContext xmlns="http://camel.apache.org/schema/blueprint" id="addrApiWs">
        <route id="egovWsAddress">
            <from uri="egovAddressEndpoint" />
            <to uri="vm:egov.logging" />
        </route>
    </camelContext>

</blueprint>