cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <andreas.veit...@gmail.com>
Subject Re: Http basic authentication in JAX RS
Date Fri, 05 Feb 2010 17:12:22 GMT
On Fri, Feb 5, 2010 at 17:52, KARR, DAVID (ATTSI) <dk068x@att.com> wrote:
>> -----Original Message-----
>> From: SaravananRamamoorthy [mailto:saravanan.ramamoorthy.s@gmail.com]
>> Sent: Friday, February 05, 2010 8:31 AM
>> To: users@cxf.apache.org
>> Subject: Re: Http basic authentication in JAX RS
>>
>>
>> Hi Andreas,
>>
>> Thanks for your information.
>> I will try to figure out what I made mistake in SOAP UI.
>> Thanks for your help.
>
> Unless I'm missing something, there is no "mistake" in SoapUI, at least with respect
to this.  I've tried to tell you several times that if you don’t specify security constraints
in your web.xml, then your application will ignore security, and it will not process the Authorization
header.

If you replace "application" by "container", then this is true. Hence
my question on the other thread about the place where he wants
authentication to be performed (by the container, by CXF or by the
JAX-RS service).

>> Andreas Veithen-2 wrote:
>> >
>> > As you can see, SOAPUI doesn't send any Authorization header. Thus,
>> > this is not a problem with CXF, but SOAPUI (unless SOAPUI only sends
>> > the Authorization header after getting a 401/403 status code).
>> >
>> > Andreas
>> >
>> > On Fri, Feb 5, 2010 at 17:14, SaravananRamamoorthy
>> > <saravanan.ramamoorthy.s@gmail.com> wrote:
>> >>
>> >> Hi Andread,
>> >>
>> >> Please find the attachment.When the values are send through
>> Header(s)
>> >> tab, I
>> >> can able to retrieve the information using HeaderParam.
>> >>
>> >> Regards
>> >> SaravananRamamoorthy
>> http://old.nabble.com/file/p27470023/SOAP_UI.zip
>> >> SOAP_UI.zip
>> >>
>> >>
>> >>
>> >> Andreas Veithen-2 wrote:
>> >>>
>> >>> In SOAPUI, after sending the request, you can switch to the "Raw"
>> tab
>> >>> in order to see the request (including headers) that SOAPUI has
>> sent.
>> >>> Can you show us this information?
>> >>>
>> >>> Andreas
>> >>>
>> >>> On Fri, Feb 5, 2010 at 16:13, SaravananRamamoorthy
>> >>> <saravanan.ramamoorthy.s@gmail.com> wrote:
>> >>>>
>> >>>> Hi Andreas ,
>> >>>>
>> >>>> I can able to get the values, when I send the information through
>> >>>> header.It
>> >>>> works fine.
>> >>>> But when I send the credentials using Authentication part,I cannot
>> able
>> >>>> to
>> >>>> retrieve.
>> >>>>
>> >>>> Regards
>> >>>> SaravananRamamoorthy
>> >>>>
>> >>>>
>> >>>>
>> >>>> Andreas Veithen-2 wrote:
>> >>>>>
>> >>>>> What Sergey actually wants you to do is to check if that
>> information
>> >>>>> reaches the JAX-RS service, i.e. to try retrieving this
>> information
>> >>>>> using a method parameter annotated with
>> @HeaderParam("Authorization").
>> >>>>>
>> >>>>> Andreas
>> >>>>>
>> >>>>> On Fri, Feb 5, 2010 at 15:36, SaravananRamamoorthy
>> >>>>> <saravanan.ramamoorthy.s@gmail.com> wrote:
>> >>>>>>
>> >>>>>> Hi Sergey,
>> >>>>>>
>> >>>>>>
>> >>>>>> Thanks for your continuous help.
>> >>>>>> I can able to get the value when the values are given in
the
>> header
>> >>>>>> part.
>> >>>>>> What is the case if the credentials are given in Authentication
>> part.
>> >>>>>> I have attached the screenshot for giving the credentials
in aut
>> >>>>>> part.
>> >>>>>> In this case how can I retrieve the details.
>> >>>>>> http://old.nabble.com/file/p27468603/authentication.PNG
>> >>>>>> authentication.PNG
>> >>>>>>
>> >>>>>> Regards
>> >>>>>> SaravananRamamoorthy
>> >>>>>>
>> >>>>>>
>> >>>>>> Sergey Beryozkin-2 wrote:
>> >>>>>>>
>> >>>>>>> Can you post the value of this header please ?
>> >>>>>>> cheers, Sergey
>> >>>>>>>
>> >>>>>>>>
>> >>>>>>>> Hi Sergey,
>> >>>>>>>>
>> >>>>>>>> Yes. The authorization header is sent by the client.
I have
>> used
>> >>>>>>>> SOAPUI
>> >>>>>>>> for
>> >>>>>>>> this.
>> >>>>>>>>
>> >>>>>>>> Regards
>> >>>>>>>> SaravananRamamoorthy
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> Sergey Beryozkin-2 wrote:
>> >>>>>>>>>
>> >>>>>>>>> I've already asked twice : is Authorization
header actually
>> being
>> >>>>>>>>> sent
>> >>>>>>>>> by
>> >>>>>>>>> a client ?
>> >>>>>>>>> Can you tell me please if it is the case or
not ? Try adding
>> a
>> >>>>>>>>> JAXRS
>> >>>>>>>>>
>> >>>>>>>>> @HeaderParam("Authorization") String value
>> >>>>>>>>>
>> >>>>>>>>> to your jaxrs resource method and print the
resulting value.
>> >>>>>>>>>
>> >>>>>>>>> cheers. Sergey
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> Hi Sergey,
>> >>>>>>>>>>
>> >>>>>>>>>> I tried with MessageContext , MessageContextImpl
and
>> >>>>>>>>>> SecurityContext.
>> >>>>>>>>>> But
>> >>>>>>>>>> it
>> >>>>>>>>>> always return null.
>> >>>>>>>>>> Do we need anything to be configure in web.xml?
>> >>>>>>>>>> Regards
>> >>>>>>>>>> SaravananRamamoorthy
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> Sergey Beryozkin-2 wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>> Please check
>> >>>>>>>>>>>
>> >>>>>>>>>>> http://cxf.apache.org/docs/debugging-and-logging.html
>> >>>>>>>>>>>
>> >>>>>>>>>>> and see the list of tools you can use
to check if the
>> >>>>>>>>>>> Authorization
>> >>>>>>>>>>> header
>> >>>>>>>>>>> is actually available on the wire. I
also like TcpTrace :
>> >>>>>>>>>>> http://www.pocketsoap.com/tcptrace/
>> >>>>>>>>>>>
>> >>>>>>>>>>> Provided this header is present, you
can parse it manually
>> by
>> >>>>>>>>>>> using
>> >>>>>>>>>>> JAXRS
>> >>>>>>>>>>> @HeaderParam. I'm sure there're plenty
of Base64 decoding
>> >>>>>>>>>>> utils around and CXF has the one too
>> >>>>>>>>>>> (org.apache.cxf.common.util.Base64Utility).
>> >>>>>>>>>>>
>> >>>>>>>>>>> Alternatively youy can have a @Context
MessageContext
>> parameter
>> >>>>>>>>>>> passed
>> >>>>>>>>>>> in
>> >>>>>>>>>>> too and then do
>> >>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName());
>> >>>>>>>>>>>
>> >>>>>>>>>>> Sergey
>> >>>>>>>>>>>
>> >>>>>>>>>>> ----- Original Message -----
>> >>>>>>>>>>> From: "SaravananRamamoorthy"
>> <saravanan.ramamoorthy.s@gmail.com>
>> >>>>>>>>>>> To: <users@cxf.apache.org>
>> >>>>>>>>>>> Sent: Wednesday, February 03, 2010 4:29
PM
>> >>>>>>>>>>> Subject: Re: Http basic authentication
in JAX RS
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Hi Sergey,
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Thanks for your suggestions.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I am new to apache cxf.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Is there any direct interface or
context availabe to
>> receive
>> >>>>>>>>>>>> the
>> >>>>>>>>>>>> authentication details just like
@QueryParam.(for
>> receiving
>> >>>>>>>>>>>> query
>> >>>>>>>>>>>> string).
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> It is enough to print the username
and the password in the
>> >>>>>>>>>>>> console.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Please provide the solution.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Regards
>> >>>>>>>>>>>> Saravanan R
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Sergey Beryozkin-2 wrote:
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> Actually, just looked at the
source of
>> MessageContextImpl, it
>> >>>>>>>>>>>>> should
>> >>>>>>>>>>>>> be
>> >>>>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName())
when
>> retrieving
>> >>>>>>>>>>>>> it from MessageContext given
that uses toString() on the
>> >>>>>>>>>>>>> object
>> >>>>>>>>>>>>> keys.
>> >>>>>>>>>>>>> Also make sure you're actually
seeing an Authorization
>> header
>> >>>>>>>>>>>>> on
>> >>>>>>>>>>>>> the
>> >>>>>>>>>>>>> wire
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> cheers, Sergey
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Hi Sergey,
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> I tried with your suggestions
like
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> public Response getCredentials(@Context
MessageContext
>> mc)
>> >>>>>>>>>>>>>> {
>> >>>>>>>>>>>>>> AuthorizationPolicy policy
=
>> >>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class);
>> >>>>>>>>>>>>>>                System.out.println(policy.getUserName());
>> >>>>>>>>>>>>>>                .......
>> >>>>>>>>>>>>>>                .......
>> >>>>>>>>>>>>>> When I tried to give the
Authentication from SOAP UI, I
>> got
>> >>>>>>>>>>>>>> null.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Please correct me where
I did the mistake.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Regards
>> >>>>>>>>>>>>>> Saravanan R
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Sergey Beryozkin-2 wrote:
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> Hi
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> The only way at the
moment to get AuthorizationPolicy
>> object
>> >>>>>>>>>>>>>>> in
>> >>>>>>>>>>>>>>> the
>> >>>>>>>>>>>>>>> app
>> >>>>>>>>>>>>>>> code is to do something
like this :
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> @Context MessageContext
mc;
>> >>>>>>>>>>>>>>> ....
>> >>>>>>>>>>>>>>> AuthorizationPolicy
policy =
>> >>>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class);
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> cheers, Sergey
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Hi All,
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> I am creating REST
application using JAX RS.
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> I am using SOAPUI
to test the application.
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> My Rest needs to
receive the Http Basic Authentication
>> from
>> >>>>>>>>>>>>>>>> the
>> >>>>>>>>>>>>>>>> SOAPUI.
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> I just want to receive
the authentication details like
>> >>>>>>>>>>>>>>>> username,password
and
>> >>>>>>>>>>>>>>>> domain in JAX RS
method.
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Can anyone give
the idea how to get the authentication
>> >>>>>>>>>>>>>>>> details
>> >>>>>>>>>>>>>>>> in
>> >>>>>>>>>>>>>>>> the
>> >>>>>>>>>>>>>>>> parameter of the
method.
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> I ended up not needing
this, but I experimented with
>> >>>>>>>>>>>>>>> creating
>> >>>>>>>>>>>>>>> an
>> >>>>>>>>>>>>>>> "AuthorizationRequestHandler"
class (implements
>> >>>>>>>>>>>>>>> RequestHandler)
>> >>>>>>>>>>>>>>> and
>> >>>>>>>>>>>>>>> putting that in my "jaxrs:providers"
list.  That
>> requires a
>> >>>>>>>>>>>>>>> "handleRequest(Message
message, ClassResourceInfo
>> >>>>>>>>>>>>>>> classResourceInfo)"
>> >>>>>>>>>>>>>>> method, where I can
call "AuthorizationPolicy policy  =
>> >>>>>>>>>>>>>>> message.get(AuthorizationPolicy.class);".
 The
>> >>>>>>>>>>>>>>> AuthorizationPolicy
>> >>>>>>>>>>>>>>> contains the username
and password.
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> What is not clear to
me, however, is where this object
>> is
>> >>>>>>>>>>>>>>> available
>> >>>>>>>>>>>>>>> somehow at the controller
level.
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> --
>> >>>>>>>>>>>>>> View this message in context:
>> >>>>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-
>> RS-tp27416364p27437539.html
>> >>>>>>>>>>>>>> Sent from the cxf-user mailing
list archive at
>> Nabble.com.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> --
>> >>>>>>>>>>>> View this message in context:
>> >>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>> tp27416364p27439212.html
>> >>>>>>>>>>>> Sent from the cxf-user mailing list
archive at Nabble.com.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> --
>> >>>>>>>>>> View this message in context:
>> >>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>> tp27416364p27452426.html
>> >>>>>>>>>> Sent from the cxf-user mailing list archive
at Nabble.com.
>> >>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>> --
>> >>>>>>>> View this message in context:
>> >>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>> tp27416364p27467082.html
>> >>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> View this message in context:
>> >>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>> tp27416364p27468603.html
>> >>>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>
>> >>>> --
>> >>>> View this message in context:
>> >>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>> tp27416364p27469191.html
>> >>>> Sent from the cxf-user mailing list archive at Nabble.com.
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>
>> >> --
>> >> View this message in context:
>> >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>> tp27416364p27470023.html
>> >> Sent from the cxf-user mailing list archive at Nabble.com.
>> >>
>> >>
>> >
>> >
>>
>> --
>> View this message in context: http://old.nabble.com/Http-basic-
>> authentication-in-JAX-RS-tp27416364p27470342.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>
>

Mime
View raw message