cxf-users mailing list archives

From JMalkan <jmal...@mail.com>
Subject RE: How to make WADL requests to pass through Interceptor
Date Mon, 15 Feb 2010 23:38:48 GMT

Hi,

I am working on a design put together by a previous developer. So here is a
bit of context.
The main purpose of this interceptor is to only allow authorized users to
execute services.

1. User invokes AuthService's login operation to establish the session and
receives token
2. User invokes AuthService's login operation to terminate the session
The above 2 operations should pass through.
3.  User invokes any of the services - interceptor needs to call appropriate
logic to validate user token.
4. WADL requests could pass through.


With this see my comments inline.


Jiggy.


Sergey Beryozkin-2 wrote:
> 
> Hi
> 
> There's no CXF specific solution. Please see more comments inline
> 
> 
> Hi Sergey,
> 
> Again I greatly appreciate quick response.
> 
> That is a potential solution. But I am still concerned about maintainability as
> new services get configured or existing ones get modified.
> 
> Is there a way to tell CXF not to invoke interceptor for AuthService and
> wadl requests?
> 
>> S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl
>> fragment does not fit as a general-enough solution ? Likewise, a custom
>> AuthService is not something CXF is aware of...what is problematic in
>> configuring an interceptor with the list of URI which have to be accepted
>> and check them against say Message.REQUEST_URI ?
> 
>> J.M This comes with maintenance cost - as we develop more services, we
>> have to remember to add the service to configure interceptor as well. I
>> would like relatively mistake free tight solution as you could imagine
>> sensitivity around security of the system.
> 
> 
> If answer to above question is "No" then
> Is there a way to access rest configured URIs from the interceptor?
> 
>> S.B : I can't recall the code right now but you can get a list of all the
>> endpoint addresses from a DestinationManager bus extension. However, it
>> won't give a list of restful endpoints only...
> 
>> J. M: Maybe this one will work.
> 
> 
> I'm wondering, maybe I'm not understanding your question?
> Cheers, Sergey 
> 
> Jiggy.
> 
> 
> Sergey Beryozkin-2 wrote:
>> 
>> Hi
>> 
>> You can have uri values to be matched injected into your custom
>> interceptor at configuration time if needed...
>> Cheers, Sergey
>> 
>> -----Original Message-----
>> From: JMalkan [mailto:jmalkan@mail.com] 
>> Sent: 15 February 2010 20:32
>> To: users@cxf.apache.org
>> Subject: Re: How to make WADL requests to pass through Interceptor
>> 
>> 
>> Hi Sergey,
>> 
>> I appreciate quick response. I have been doing most of what you
>> suggested.
>> This is a coding solution requiring knowledge of expected URIs.
>> 
>> Is there a way to configure this?
>> 
>> 
>> 
>> Jiggy.
>> 
>> 
>> Sergey Beryozkin-2 wrote:
>>> 
>>> Hi
>>> 
>>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>>> value
>>> from a current Message and check if it contains a _wadl 
>>> part and if yes then let the request continue...
>>> 
>>> Likewise given that you use JAXRS, you can get OperationResourceInfo and
>>> the actual method name from a current exchange :
>>> 
>>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>>> and you also can get the name of the resource class about to be invoked
>>> upon :
>>> 
>>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>>> 
>>> and if it's AuthService and it's login/logout then let the request to
>>> continue
>>> 
>>> Hope it helps, Sergey
>>> 
>>> I am a newbie. I have an interceptor that extends from
>>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>>> follows:
>>> 
>>> <cxf:bus name="cxf-bus">
>>>   <cxf:inInterceptors>
>>>     <ref bean="myAuthIntercept"/>
>>>   </cxf:inInterceptors>
>>> </cxf:bus>
>>> 
>>> The interceptor's main job is to only allow authenticated users to access
>>> service.
>>> There are couple of exceptions.
>>> 1. A WADL request for the published services.
>>>    Currently I have a hard coded list of URIs. Not a good solution. I
>>> would
>>> like to know if there is a way either to avoid interceptor invocation on
>>> WADL requests or access REST URIs dynamically?
>>> 2. A request made to login/logout operation call made to AuthService.
>>>     Is there a way to make exception for this one service? I have many
>>> services configured and would prefer not to configure each service with
>>> in/out/fault interceptions.
>>> 
>>> 
>>> 
>>> Jiggy.
>>> -- 
>>> View this message in context:
>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>> 
>>> 
>>> 
>> 
>> -- 
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27601801.html
Sent from the cxf-user mailing list archive at Nabble.com.
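
Added example (not part of the original thread, and not CXF's own code): a default-deny interceptor built from the two checks suggested above, so new services are protected without maintaining a URI list. The AuthService class name, the open method names, the hasValidToken hook and the choice of Phase.PRE_INVOKE (assumed to run after JAX-RS has selected the resource method) are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

public abstract class AuthInterceptor extends AbstractPhaseInterceptor<Message> {
    // Assumed names: replace with the real AuthService class and its open operations.
    private static final String AUTH_SERVICE = "com.example.AuthService";
    private static final Set<String> OPEN_METHODS =
        new HashSet<String>(Arrays.asList("login", "logout"));

    public AuthInterceptor() {
        // Assumption: by PRE_INVOKE the JAX-RS layer has put OperationResourceInfo on the exchange.
        super(Phase.PRE_INVOKE);
    }

    public void handleMessage(Message message) throws Fault {
        // Default deny: anything that is not explicitly open must carry a valid token.
        if (isWadlRequest(message) || isOpenOperation(message) || hasValidToken(message)) {
            return;
        }
        throw new Fault(new SecurityException("Authentication required"));
    }

    // Exact parameter match on GET only; a substring test would also accept "x=_wadl".
    static boolean isWadlRequest(Message m) {
        String query = (String) m.get(Message.QUERY_STRING);
        if (query == null || !"GET".equals(m.get(Message.HTTP_REQUEST_METHOD))) {
            return false;
        }
        for (String param : query.split("&")) {
            if (param.equals("_wadl") || param.startsWith("_wadl=")) {
                return true;
            }
        }
        return false;
    }

    // Open only when both the resource class and the Java method name match.
    static boolean isOpenOperation(Message m) {
        OperationResourceInfo ori = m.getExchange().get(OperationResourceInfo.class);
        return ori != null
            && AUTH_SERVICE.equals(ori.getClassResourceInfo().getServiceClass().getName())
            && OPEN_METHODS.contains(ori.getMethodToInvoke().getName());
    }

    // Hypothetical hook: the application's existing token validation goes here.
    protected abstract boolean hasValidToken(Message m);
}
```

The _wadl exemption is only safe while the WADL generator actually answers such requests; if it is disabled, a GET carrying _wadl would reach the resource method without a token check.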

