cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SaravananRamamoorthy <saravanan.ramamoorth...@gmail.com>
Subject Re: Http basic authentication in JAX RS
Date Mon, 08 Feb 2010 05:02:50 GMT

Hi Andreas,

Thanks for your suggestions and continous support.

In SoapUI,I was not enable the authentication information to outgoing
request in the SOAPUI preferences.
We need to explicitly enable the checkbox, I go through the SOAPUI entire
documentation and found the solution.

Now I can able to retrieve username and password.

Please suggest me how to retrieve the domain(realm) using JAX RS.

Thank you once again.

Regards
Saravanan R





Andreas Veithen-2 wrote:
> 
> On Fri, Feb 5, 2010 at 17:52, KARR, DAVID (ATTSI) <dk068x@att.com> wrote:
>>> -----Original Message-----
>>> From: SaravananRamamoorthy [mailto:saravanan.ramamoorthy.s@gmail.com]
>>> Sent: Friday, February 05, 2010 8:31 AM
>>> To: users@cxf.apache.org
>>> Subject: Re: Http basic authentication in JAX RS
>>>
>>>
>>> Hi Andreas,
>>>
>>> Thanks for your information.
>>> I will try to figure out what I made mistake in SOAP UI.
>>> Thanks for your help.
>>
>> Unless I'm missing something, there is no "mistake" in SoapUI, at least
>> with respect to this.  I've tried to tell you several times that if you
>> don’t specify security constraints in your web.xml, then your application
>> will ignore security, and it will not process the Authorization header.
> 
> If you replace "application" by "container", then this is true. Hence
> my question on the other thread about the place where he wants
> authentication to be performed (by the container, by CXF or by the
> JAX-RS service).
> 
>>> Andreas Veithen-2 wrote:
>>> >
>>> > As you can see, SOAPUI doesn't send any Authorization header. Thus,
>>> > this is not a problem with CXF, but SOAPUI (unless SOAPUI only sends
>>> > the Authorization header after getting a 401/403 status code).
>>> >
>>> > Andreas
>>> >
>>> > On Fri, Feb 5, 2010 at 17:14, SaravananRamamoorthy
>>> > <saravanan.ramamoorthy.s@gmail.com> wrote:
>>> >>
>>> >> Hi Andread,
>>> >>
>>> >> Please find the attachment.When the values are send through
>>> Header(s)
>>> >> tab, I
>>> >> can able to retrieve the information using HeaderParam.
>>> >>
>>> >> Regards
>>> >> SaravananRamamoorthy
>>> http://old.nabble.com/file/p27470023/SOAP_UI.zip
>>> >> SOAP_UI.zip
>>> >>
>>> >>
>>> >>
>>> >> Andreas Veithen-2 wrote:
>>> >>>
>>> >>> In SOAPUI, after sending the request, you can switch to the "Raw"
>>> tab
>>> >>> in order to see the request (including headers) that SOAPUI has
>>> sent.
>>> >>> Can you show us this information?
>>> >>>
>>> >>> Andreas
>>> >>>
>>> >>> On Fri, Feb 5, 2010 at 16:13, SaravananRamamoorthy
>>> >>> <saravanan.ramamoorthy.s@gmail.com> wrote:
>>> >>>>
>>> >>>> Hi Andreas ,
>>> >>>>
>>> >>>> I can able to get the values, when I send the information through
>>> >>>> header.It
>>> >>>> works fine.
>>> >>>> But when I send the credentials using Authentication part,I
cannot
>>> able
>>> >>>> to
>>> >>>> retrieve.
>>> >>>>
>>> >>>> Regards
>>> >>>> SaravananRamamoorthy
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> Andreas Veithen-2 wrote:
>>> >>>>>
>>> >>>>> What Sergey actually wants you to do is to check if that
>>> information
>>> >>>>> reaches the JAX-RS service, i.e. to try retrieving this
>>> information
>>> >>>>> using a method parameter annotated with
>>> @HeaderParam("Authorization").
>>> >>>>>
>>> >>>>> Andreas
>>> >>>>>
>>> >>>>> On Fri, Feb 5, 2010 at 15:36, SaravananRamamoorthy
>>> >>>>> <saravanan.ramamoorthy.s@gmail.com> wrote:
>>> >>>>>>
>>> >>>>>> Hi Sergey,
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Thanks for your continuous help.
>>> >>>>>> I can able to get the value when the values are given
in the
>>> header
>>> >>>>>> part.
>>> >>>>>> What is the case if the credentials are given in Authentication
>>> part.
>>> >>>>>> I have attached the screenshot for giving the credentials
in aut
>>> >>>>>> part.
>>> >>>>>> In this case how can I retrieve the details.
>>> >>>>>> http://old.nabble.com/file/p27468603/authentication.PNG
>>> >>>>>> authentication.PNG
>>> >>>>>>
>>> >>>>>> Regards
>>> >>>>>> SaravananRamamoorthy
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Sergey Beryozkin-2 wrote:
>>> >>>>>>>
>>> >>>>>>> Can you post the value of this header please ?
>>> >>>>>>> cheers, Sergey
>>> >>>>>>>
>>> >>>>>>>>
>>> >>>>>>>> Hi Sergey,
>>> >>>>>>>>
>>> >>>>>>>> Yes. The authorization header is sent by the
client. I have
>>> used
>>> >>>>>>>> SOAPUI
>>> >>>>>>>> for
>>> >>>>>>>> this.
>>> >>>>>>>>
>>> >>>>>>>> Regards
>>> >>>>>>>> SaravananRamamoorthy
>>> >>>>>>>>
>>> >>>>>>>>
>>> >>>>>>>>
>>> >>>>>>>> Sergey Beryozkin-2 wrote:
>>> >>>>>>>>>
>>> >>>>>>>>> I've already asked twice : is Authorization
header actually
>>> being
>>> >>>>>>>>> sent
>>> >>>>>>>>> by
>>> >>>>>>>>> a client ?
>>> >>>>>>>>> Can you tell me please if it is the case
or not ? Try adding
>>> a
>>> >>>>>>>>> JAXRS
>>> >>>>>>>>>
>>> >>>>>>>>> @HeaderParam("Authorization") String value
>>> >>>>>>>>>
>>> >>>>>>>>> to your jaxrs resource method and print
the resulting value.
>>> >>>>>>>>>
>>> >>>>>>>>> cheers. Sergey
>>> >>>>>>>>>
>>> >>>>>>>>>
>>> >>>>>>>>>>
>>> >>>>>>>>>> Hi Sergey,
>>> >>>>>>>>>>
>>> >>>>>>>>>> I tried with MessageContext , MessageContextImpl
and
>>> >>>>>>>>>> SecurityContext.
>>> >>>>>>>>>> But
>>> >>>>>>>>>> it
>>> >>>>>>>>>> always return null.
>>> >>>>>>>>>> Do we need anything to be configure
in web.xml?
>>> >>>>>>>>>> Regards
>>> >>>>>>>>>> SaravananRamamoorthy
>>> >>>>>>>>>>
>>> >>>>>>>>>>
>>> >>>>>>>>>>
>>> >>>>>>>>>> Sergey Beryozkin-2 wrote:
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> Please check
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> http://cxf.apache.org/docs/debugging-and-logging.html
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> and see the list of tools you can
use to check if the
>>> >>>>>>>>>>> Authorization
>>> >>>>>>>>>>> header
>>> >>>>>>>>>>> is actually available on the wire.
I also like TcpTrace :
>>> >>>>>>>>>>> http://www.pocketsoap.com/tcptrace/
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> Provided this header is present,
you can parse it manually
>>> by
>>> >>>>>>>>>>> using
>>> >>>>>>>>>>> JAXRS
>>> >>>>>>>>>>> @HeaderParam. I'm sure there're
plenty of Base64 decoding
>>> >>>>>>>>>>> utils around and CXF has the one
too
>>> >>>>>>>>>>> (org.apache.cxf.common.util.Base64Utility).
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> Alternatively youy can have a @Context
MessageContext
>>> parameter
>>> >>>>>>>>>>> passed
>>> >>>>>>>>>>> in
>>> >>>>>>>>>>> too and then do
>>> >>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName());
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> Sergey
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> ----- Original Message -----
>>> >>>>>>>>>>> From: "SaravananRamamoorthy"
>>> <saravanan.ramamoorthy.s@gmail.com>
>>> >>>>>>>>>>> To: <users@cxf.apache.org>
>>> >>>>>>>>>>> Sent: Wednesday, February 03, 2010
4:29 PM
>>> >>>>>>>>>>> Subject: Re: Http basic authentication
in JAX RS
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Hi Sergey,
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Thanks for your suggestions.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> I am new to apache cxf.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Is there any direct interface
or context availabe to
>>> receive
>>> >>>>>>>>>>>> the
>>> >>>>>>>>>>>> authentication details just
like @QueryParam.(for
>>> receiving
>>> >>>>>>>>>>>> query
>>> >>>>>>>>>>>> string).
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> It is enough to print the username
and the password in the
>>> >>>>>>>>>>>> console.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Please provide the solution.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Regards
>>> >>>>>>>>>>>> Saravanan R
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Sergey Beryozkin-2 wrote:
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>> Actually, just looked at
the source of
>>> MessageContextImpl, it
>>> >>>>>>>>>>>>> should
>>> >>>>>>>>>>>>> be
>>> >>>>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName())
when
>>> retrieving
>>> >>>>>>>>>>>>> it from MessageContext given
that uses toString() on the
>>> >>>>>>>>>>>>> object
>>> >>>>>>>>>>>>> keys.
>>> >>>>>>>>>>>>> Also make sure you're actually
seeing an Authorization
>>> header
>>> >>>>>>>>>>>>> on
>>> >>>>>>>>>>>>> the
>>> >>>>>>>>>>>>> wire
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>> cheers, Sergey
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> Hi Sergey,
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> I tried with your suggestions
like
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> public Response getCredentials(@Context
MessageContext
>>> mc)
>>> >>>>>>>>>>>>>> {
>>> >>>>>>>>>>>>>> AuthorizationPolicy
policy =
>>> >>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class);
>>> >>>>>>>>>>>>>>              
 System.out.println(policy.getUserName());
>>> >>>>>>>>>>>>>>              
 .......
>>> >>>>>>>>>>>>>>              
 .......
>>> >>>>>>>>>>>>>> When I tried to give
the Authentication from SOAP UI, I
>>> got
>>> >>>>>>>>>>>>>> null.
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> Please correct me where
I did the mistake.
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> Regards
>>> >>>>>>>>>>>>>> Saravanan R
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> Sergey Beryozkin-2 wrote:
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>> Hi
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>> The only way at
the moment to get AuthorizationPolicy
>>> object
>>> >>>>>>>>>>>>>>> in
>>> >>>>>>>>>>>>>>> the
>>> >>>>>>>>>>>>>>> app
>>> >>>>>>>>>>>>>>> code is to do something
like this :
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>> @Context MessageContext
mc;
>>> >>>>>>>>>>>>>>> ....
>>> >>>>>>>>>>>>>>> AuthorizationPolicy
policy =
>>> >>>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class);
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>> cheers, Sergey
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>> Hi All,
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>> I am creating
REST application using JAX RS.
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>> I am using SOAPUI
to test the application.
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>> My Rest needs
to receive the Http Basic Authentication
>>> from
>>> >>>>>>>>>>>>>>>> the
>>> >>>>>>>>>>>>>>>> SOAPUI.
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>> I just want
to receive the authentication details like
>>> >>>>>>>>>>>>>>>> username,password
and
>>> >>>>>>>>>>>>>>>> domain in JAX
RS method.
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>> Can anyone give
the idea how to get the authentication
>>> >>>>>>>>>>>>>>>> details
>>> >>>>>>>>>>>>>>>> in
>>> >>>>>>>>>>>>>>>> the
>>> >>>>>>>>>>>>>>>> parameter of
the method.
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>> I ended up not needing
this, but I experimented with
>>> >>>>>>>>>>>>>>> creating
>>> >>>>>>>>>>>>>>> an
>>> >>>>>>>>>>>>>>> "AuthorizationRequestHandler"
class (implements
>>> >>>>>>>>>>>>>>> RequestHandler)
>>> >>>>>>>>>>>>>>> and
>>> >>>>>>>>>>>>>>> putting that in
my "jaxrs:providers" list.  That
>>> requires a
>>> >>>>>>>>>>>>>>> "handleRequest(Message
message, ClassResourceInfo
>>> >>>>>>>>>>>>>>> classResourceInfo)"
>>> >>>>>>>>>>>>>>> method, where I
can call "AuthorizationPolicy policy  =
>>> >>>>>>>>>>>>>>> message.get(AuthorizationPolicy.class);".
 The
>>> >>>>>>>>>>>>>>> AuthorizationPolicy
>>> >>>>>>>>>>>>>>> contains the username
and password.
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>> What is not clear
to me, however, is where this object
>>> is
>>> >>>>>>>>>>>>>>> available
>>> >>>>>>>>>>>>>>> somehow at the controller
level.
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> --
>>> >>>>>>>>>>>>>> View this message in
context:
>>> >>>>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-
>>> RS-tp27416364p27437539.html
>>> >>>>>>>>>>>>>> Sent from the cxf-user
mailing list archive at
>>> Nabble.com.
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> --
>>> >>>>>>>>>>>> View this message in context:
>>> >>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>> tp27416364p27439212.html
>>> >>>>>>>>>>>> Sent from the cxf-user mailing
list archive at Nabble.com.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>
>>> >>>>>>>>>>
>>> >>>>>>>>>> --
>>> >>>>>>>>>> View this message in context:
>>> >>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>> tp27416364p27452426.html
>>> >>>>>>>>>> Sent from the cxf-user mailing list
archive at Nabble.com.
>>> >>>>>>>>>>
>>> >>>>>>>>>
>>> >>>>>>>>>
>>> >>>>>>>>
>>> >>>>>>>> --
>>> >>>>>>>> View this message in context:
>>> >>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>> tp27416364p27467082.html
>>> >>>>>>>> Sent from the cxf-user mailing list archive
at Nabble.com.
>>> >>>>>>>>
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>
>>> >>>>>> --
>>> >>>>>> View this message in context:
>>> >>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>> tp27416364p27468603.html
>>> >>>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>> >>>>>>
>>> >>>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>
>>> >>>> --
>>> >>>> View this message in context:
>>> >>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>> tp27416364p27469191.html
>>> >>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>> >>>>
>>> >>>>
>>> >>>
>>> >>>
>>> >>
>>> >> --
>>> >> View this message in context:
>>> >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>> tp27416364p27470023.html
>>> >> Sent from the cxf-user mailing list archive at Nabble.com.
>>> >>
>>> >>
>>> >
>>> >
>>>
>>> --
>>> View this message in context: http://old.nabble.com/Http-basic-
>>> authentication-in-JAX-RS-tp27416364p27470342.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
> 
> 

-- 
View this message in context: http://old.nabble.com/Http-basic-authentication-in-JAX-RS-tp27416364p27495332.html
Sent from the cxf-user mailing list archive at Nabble.com.


Mime
View raw message