camel-users mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: Securing jaxrs REST interface with HTTP Basic auth
Date Tue, 21 May 2013 10:42:02 GMT
Hi

I think it is more a Karaf-level question, where different JAAS contexts 
can be set up and such. Though I've heard one can have a two way TLS 
(client cert for our purposes) and also Basic Auth credentials combined 
in one request, for example, when the same machine is shared between 
multiple users, etc...

Checking both the client cert and Basic Auth can be done in a single CXF 
filter but it can become rather manual; we have a JAAS interceptor which 
is easy to use but it works with BasicAuth only, we really need to get a 
CXF level JAAS interceptor for checking the client certs too.

Sorry, off-topic for this list
Sergey
On 21/05/13 07:09, Martin Stiborský wrote:
> One more, final question :)
>
> Currently, I have configured Karaf server, to accept only requests
> signed with certain client SSL certificate - this works for us as a
> very basic layer for authenticating incoming requests to Camel/jaxrs.
>
> So, I'd like to keep this solution, but also support HTTP Basic auth.
> So, if a request is signed with SSL cert, try to authorize with
> certificate, if the request is signed with HTTP Basic, use that
> instead of certificate.
>
> I guess I have to move it all into CXF filter, right? To get such
> "authorization chain".
>
> On Mon, May 20, 2013 at 7:44 PM, Martin Stiborský
> <martin.stiborsky@gmail.com> wrote:
>> wow, works, many thanks to you.
>> I promised already few, but I should really write some tutorial on
>> this topic…give me a slap if I don't do it next weekend…
>>
>> On Mon, May 20, 2013 at 1:26 PM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
>>> Hi
>>>
>>> On 20/05/13 12:19, Martin Stiborský wrote:
>>>>
>>>> So far it seems for me that I have a big problem with architecture of
>>>> the application.
>>>> It was working well so far, the approach we used.
>>>>
>>>> I mean, these "camel-cxf:rsServer" elements, with classes describing
>>>> REST interface following jax-rs.
>>>> The REST classes were looking a little bit weird, as they "returning
>>>> null"
>>>> (http://www.javacodegeeks.com/2012/05/rest-endpoint-for-integration-using.html)
>>>> but it was possible then to use the rest class directly in the start
>>>> of a camel routes with "from("cxfrs:bean:something")".
>>>>
>>>> Is something like this possible with this way of registering jax-rs?
>>>>
>>>> <jaxrs:server id="customerService" address="/">
>>>>           <jaxrs:serviceBeans>
>>>>               <ref component-id="myServiceBean" />
>>>>           </jaxrs:serviceBeans>
>>>>           <jaxrs:providers>
>>>>               <bean id="authorizationFilter" class="com.foo.HttpAuth"/>
>>>>           </jaxrs:providers>
>>>>       </jaxrs:server>
>>>>
>>>
>>> Yes, simply do
>>>
>>>   <jaxrs:server id="customerService"
>>> address="camel:/myCamelTransportAddress">
>>>
>>>            <jaxrs:serviceBeans>
>>>                <ref component-id="myServiceBean" />
>>>            </jaxrs:serviceBeans>
>>>            <jaxrs:providers>
>>>                <bean id="authorizationFilter" class="com.foo.HttpAuth"/>
>>>            </jaxrs:providers>
>>>        </jaxrs:server>
>>>
>>> And use that in combination with Camel Servlet transport.
>>> Also, have a look at the new Simple binding for cxfrs, available from Camel
>>> 2.11
>>>
>>> Sergey
>>>
>>>
>>>
>>>
>>>> The provider definitely works like that, that's good. But everything
>>>> else doesn't work :P
>>>>
>>>> On Mon, May 20, 2013 at 12:01 PM, Martin Stiborský
>>>> <martin.stiborsky@gmail.com> wrote:
>>>>>
>>>>> Ok, so it seems that implementing
>>>>> org.apache.cxf.jaxrs.ext.RequestHandler could help me.
>>>>> How to register such a provider then?
>>>>>
>>>>> We have REST interfaces created like this:
>>>>>
>>>>> <camel-cxf:rsServer id="restFoo" address="/rest/foo"
>>>>>                           serviceClass="com.rest.FooRest"/>
>>>>>
>>>>> We have few of these. I'm not sure, if it's possible to register
>>>>> jax-rs provider with this.
>>>>>
>>>>>
>>>>> On Mon, May 20, 2013 at 10:02 AM, Ioan Eugen Stan <stan.ieugen@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> Hello Martin,
>>>>>>
>>>>>> I think you could try adding a Filter or Interceptor that does Basic
>>>>>> Auth. If you're using CXF you could try something like [1]
>>>>>>
>>>>>> Hope it helps,
>>>>>>
>>>>>> [1] http://cxf.apache.org/docs/secure-jax-rs-services.html
>>>>>>
>>>>>> On Mon, May 20, 2013 at 10:48 AM, Martin Stiborský
>>>>>> <martin.stiborsky@gmail.com> wrote:
>>>>>>>
>>>>>>> Hello guys,
>>>>>>> a joke is saying that a number of tabs opened in web browser related
>>>>>>> to some problem could help you to estimate the time needed for
>>>>>>> implementation.
>>>>>>> I have now about 33 tabs opened :) I need to secure my REST interface,
>>>>>>> with HTTP Basic auth.
>>>>>>>
>>>>>>> In the project, we are currently still with Camel 2.10.1 (not yet
>>>>>>> resolved some troubles with upgrade to 2.11 :( ), we are using OSGi
>>>>>>> and Aries blueprint. All deployed into Apache Karaf.
>>>>>>>
>>>>>>> Just a simple hint which way to go is good enough for me.
>>>>>>> Right now, I'm checking JAAS, but I'm really lost in this topic.
>>>>>>>
>>>>>>> --
>>>>>>> S pozdravem / Best regards
>>>>>>> Martin Stiborský
>>>>>>>
>>>>>>> Jabber: stibi@njs.netlab.cz
>>>>>>> Twitter: http://www.twitter.com/stibi
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Ioan Eugen Stan
>>>>>> 0720 898 747
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> S pozdravem / Best regards
>>>>> Martin Stiborský
>>>>>
>>>>> Jabber: stibi@njs.netlab.cz
>>>>> Twitter: http://www.twitter.com/stibi
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> --
>> S pozdravem / Best regards
>> Martin Stiborský
>>
>> Jabber: stibi@njs.netlab.cz
>> Twitter: http://www.twitter.com/stibi
>
>
>
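The "authorization chain" discussed in this thread (client certificate first, HTTP Basic otherwise), sketched as an added example that is not code from any poster or from the CXF project. It assumes a JAX-RS 2.0 `ContainerRequestFilter` instead of the CXF `RequestHandler` named in the thread, a servlet-based HTTP transport so that `HttpServletRequest` can be injected, and a JAAS realm called `karaf`. The class name reuses the thread's `com.foo.HttpAuth` placeholder, and the trusted subject DN and the Basic realm string are constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.*;
import javax.ws.rs.core.*;
import javax.ws.rs.ext.Provider;

@Provider
public class HttpAuth implements ContainerRequestFilter {
    // Assumption: constructed subject DN of the single client certificate to accept.
    private static final X500Principal TRUSTED = new X500Principal("CN=trusted-client,O=Example");
    @Context private HttpServletRequest request;

    @Override
    public void filter(ContainerRequestContext ctx) {
        // Populated by the servlet container only after the TLS handshake validated the chain.
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain != null && chain.length > 0) {
            // A presented certificate is authoritative: never fall back to Basic on mismatch.
            if (!TRUSTED.equals(chain[0].getSubjectX500Principal())) ctx.abortWith(Response.status(403).build());
            return;
        }
        String h = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6) || !jaasLogin(h.substring(6).trim()))
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"rest\"").build());
    }
    // Decodes "user:password" and checks it against the JAAS realm (assumed: Karaf's "karaf").
    private boolean jaasLogin(String b64) {
        try {
            String[] up = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8).split(":", 2);
            if (up.length != 2) return false;
            new LoginContext("karaf", callbacks -> {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(up[0]);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(up[1].toCharArray());
                    else throw new UnsupportedCallbackException(cb);
                }
            }).login();
            return true;
        } catch (IllegalArgumentException | LoginException e) {
            return false; // malformed Base64 or rejected credentials
        }
    }
}
```

The filter is registered under `<jaxrs:providers>` exactly like the `authorizationFilter` bean quoted above. The Basic branch is only reachable when the TLS connector requests a client certificate without requiring one, and matching on the subject DN is only as strong as the set of CAs in the connector's truststore.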


