cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <>
Subject Re: Http Authentication Policy
Date Fri, 09 Mar 2007 17:44:43 GMT


On Friday 09 March 2007 12:30, Polar Humenn wrote:
> I have a concern about the HTTP Authentication Policy that is
> configurable in a CXF deployment. My first concern is that username and
> passwords are stored in a config file. This situation may be acceptable
> in a few cases, but I would like to see alternatives.

There are already alternatives.   The AuthenticationPolicy object can be 
created programatically and passed in via the message properties.   If the 
object is available on the message, it's used.   Likewise for all the 

The JAX-WS frontend maps the standard JAX-WS USERNAME and PASSWORD 
properties onto the AuthenticationPolicy object.   However, they also have 
access to the Policy object itself if they want.  I'd greatly prefer to 
keep it that way.  

J. Daniel Kulp
Principal Engineer
P: 781-902-8727    C: 508-380-7194

View raw message