camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Re: Adding jaas authentication to a cxf endpoint in karaf
Date Mon, 03 Nov 2014 15:25:30 GMT
On 03/11/14 14:42, Hilderich wrote:
> Hello Sergey,
> First of all what you have suggested I have done as you can see above. But
> this incorporation of an interceptor has no effect and no one requires a
> login if I do a request to the address in my browser.
> My question about JAAS was intended to get a feedback from you if I have
> grasp JAAS correctly. In Karaf the JAAS login mechanism looks into
> <karaf_home>/etc/, isn't it?
As far as I recall yes
> I don't know what you mean when you are talking about anonymous users and I
> cannot find any property /allowAnonymous/. I just want to know if one entry
> as stated above in users.propties is enough
> for an authorization?
No, that entry should be enough for populating a security context - 
which still needs to be acted upon.
>However this is not the point at the moment because no
> one is asking for any authorization - what a shame.
I do not even recall you talking about the authorization in this thread 
before so I'm not sure why you are surprised.
What is you plan to enforce the authorization, do you use RBAC rules 
like @RolesAllowed
> Do I have to create any web app context file for any other authentication
> stuff beyond /blueprint.xml/ and / Do I have to configure
> <karaf_home>/etc/org.apache.karaf.jaas.cfg ???
No idea - ask at the Karaf list. As far as CXF is concerned, please 
check the same page I linked to earlier on how to set up simple 
authorizing interceptors which can check RolesAllowed.

By the way: sorry if I hijacked the thread - may be the solution 
proposed originally should've been explored till the end...

Thanks, Sergey
> Kind regards,
> Hilderich
> --
> View this message in context:
> Sent from the Camel - Users mailing list archive at

View raw message