Secure RESTful Services with Maven, Spring, Apache CXF and Spring Security

Nov 1st 2012: Minor updates including instructions on how to deploy this to the open source PaaS Cloudfoundry.

This post modifies the previous blog entry to work with Apache CXF instead of Jersey. The Spring configuration XML now configures CXF as the RESTful service engine, and the Maven pom.xml file now includes the CXF libraries. Download the code from GitHub –

Steps to run the code locally…

  • run git clone to get the code base
  • move to root of project and run mvn package
  • run mvn jetty:run
  • Access one of the URLs below.

RESTful service URIs:

  • No security (try this first) – http://localhost:9090/jaxrscxf/services/timeoftheday/asplaintext
  • With Security & JSON response – http://localhost:9090/jaxrscxf/services/timeoftheday/asjson/mathew
  • With Security & XML response – http://localhost:9090/jaxrscxf/services/timeoftheday/asxml/mathew

User ids to use for the secure services are…

  • <sec:user name="admin" password="password" authorities="admin" />
  • <sec:user name="johndoe" password="password" authorities="customer, admin" />
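
Both users above are declared in the Spring configuration with plain-text passwords. As an added example (not taken from the project's own configuration), this is the same in-memory user service with BCrypt-hashed passwords loaded from outside the WAR; the bean id bcryptEncoder, the properties file path and the property names are assumptions.

```xml
<!-- Added example, not the project's own file. The sec: prefix and the two
     users match the entries listed above; every other name is an assumption. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

  <!-- Hypothetical file kept out of source control and out of the WAR.
       Each property holds the output of BCryptPasswordEncoder.encode(...)
       for that user's password. -->
  <context:property-placeholder location="file:/etc/jaxrscxf/users.properties" />

  <!-- BCrypt encoder shipped with Spring Security 3.1 and later. -->
  <bean id="bcryptEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

  <sec:authentication-manager>
    <sec:authentication-provider>
      <!-- Submitted passwords are checked against the stored hashes,
           so no clear-text password appears in this file. -->
      <sec:password-encoder ref="bcryptEncoder" />
      <sec:user-service>
        <!-- Was: password="password" for both users. -->
        <sec:user name="admin" password="${admin.password.hash}"
                  authorities="admin" />
        <sec:user name="johndoe" password="${johndoe.password.hash}"
                  authorities="customer, admin" />
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>
```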

While making this change I also found a useful Maven archetype for those who need a simple starter project. It is on the Apache CXF site. It is Spring-enabled and also shows how to use Jackson to serialize JSON data. It does not include Spring Security, though you can add it quite easily.


Push to Open Source PaaS CloudFoundry

If you need to push this code to the open source PaaS, follow these instructions (and of course refer to the Cloudfoundry website too)…

  • First get an account at (hereafter referred to as CF). Whether you choose to go micro CF or the hosted version is your call. I assume hosted here. Note down the one-time token.
  • Ensure you have Ruby and RubyGems installed.
  • run – gem install vmc (vmc is the command line tool to interact with CF)
  • run – vmc target (where mattscloud is your CF account). Use your one-time token during this step.
  • Go to the Maven project root folder and run mvn package.
  • Move to the target folder where the WAR file resides.
  • run – vmc login (login using your CF credentials)
  • run – vmc push jaxrscxf (to delete the deployed application run vmc delete jaxrscxf)

Note: If my sample service is running on CF you can get to it via