cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <andreas.veit...@gmail.com>
Subject Re: Http basic authentication in JAX RS
Date Mon, 08 Feb 2010 09:51:47 GMT
For basic authentication, only the 401 response from the server
contains a realm (as part of the WWW-Authenticate header). On the
other hand, an authenticated request only contains the username and
password, but no realm.

Andreas

On Mon, Feb 8, 2010 at 06:02, SaravananRamamoorthy
<saravanan.ramamoorthy.s@gmail.com> wrote:
>
> Hi Andreas,
>
> Thanks for your suggestions and continous support.
>
> In SoapUI,I was not enable the authentication information to outgoing
> request in the SOAPUI preferences.
> We need to explicitly enable the checkbox, I go through the SOAPUI entire
> documentation and found the solution.
>
> Now I can able to retrieve username and password.
>
> Please suggest me how to retrieve the domain(realm) using JAX RS.
>
> Thank you once again.
>
> Regards
> Saravanan R
>
>
>
>
>
> Andreas Veithen-2 wrote:
>>
>> On Fri, Feb 5, 2010 at 17:52, KARR, DAVID (ATTSI) <dk068x@att.com> wrote:
>>>> -----Original Message-----
>>>> From: SaravananRamamoorthy [mailto:saravanan.ramamoorthy.s@gmail.com]
>>>> Sent: Friday, February 05, 2010 8:31 AM
>>>> To: users@cxf.apache.org
>>>> Subject: Re: Http basic authentication in JAX RS
>>>>
>>>>
>>>> Hi Andreas,
>>>>
>>>> Thanks for your information.
>>>> I will try to figure out what I made mistake in SOAP UI.
>>>> Thanks for your help.
>>>
>>> Unless I'm missing something, there is no "mistake" in SoapUI, at least
>>> with respect to this.  I've tried to tell you several times that if you
>>> don’t specify security constraints in your web.xml, then your application
>>> will ignore security, and it will not process the Authorization header.
>>
>> If you replace "application" by "container", then this is true. Hence
>> my question on the other thread about the place where he wants
>> authentication to be performed (by the container, by CXF or by the
>> JAX-RS service).
>>
>>>> Andreas Veithen-2 wrote:
>>>> >
>>>> > As you can see, SOAPUI doesn't send any Authorization header. Thus,
>>>> > this is not a problem with CXF, but SOAPUI (unless SOAPUI only sends
>>>> > the Authorization header after getting a 401/403 status code).
>>>> >
>>>> > Andreas
>>>> >
>>>> > On Fri, Feb 5, 2010 at 17:14, SaravananRamamoorthy
>>>> > <saravanan.ramamoorthy.s@gmail.com> wrote:
>>>> >>
>>>> >> Hi Andread,
>>>> >>
>>>> >> Please find the attachment.When the values are send through
>>>> Header(s)
>>>> >> tab, I
>>>> >> can able to retrieve the information using HeaderParam.
>>>> >>
>>>> >> Regards
>>>> >> SaravananRamamoorthy
>>>> http://old.nabble.com/file/p27470023/SOAP_UI.zip
>>>> >> SOAP_UI.zip
>>>> >>
>>>> >>
>>>> >>
>>>> >> Andreas Veithen-2 wrote:
>>>> >>>
>>>> >>> In SOAPUI, after sending the request, you can switch to the
"Raw"
>>>> tab
>>>> >>> in order to see the request (including headers) that SOAPUI
has
>>>> sent.
>>>> >>> Can you show us this information?
>>>> >>>
>>>> >>> Andreas
>>>> >>>
>>>> >>> On Fri, Feb 5, 2010 at 16:13, SaravananRamamoorthy
>>>> >>> <saravanan.ramamoorthy.s@gmail.com> wrote:
>>>> >>>>
>>>> >>>> Hi Andreas ,
>>>> >>>>
>>>> >>>> I can able to get the values, when I send the information
through
>>>> >>>> header.It
>>>> >>>> works fine.
>>>> >>>> But when I send the credentials using Authentication part,I
cannot
>>>> able
>>>> >>>> to
>>>> >>>> retrieve.
>>>> >>>>
>>>> >>>> Regards
>>>> >>>> SaravananRamamoorthy
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> Andreas Veithen-2 wrote:
>>>> >>>>>
>>>> >>>>> What Sergey actually wants you to do is to check if
that
>>>> information
>>>> >>>>> reaches the JAX-RS service, i.e. to try retrieving this
>>>> information
>>>> >>>>> using a method parameter annotated with
>>>> @HeaderParam("Authorization").
>>>> >>>>>
>>>> >>>>> Andreas
>>>> >>>>>
>>>> >>>>> On Fri, Feb 5, 2010 at 15:36, SaravananRamamoorthy
>>>> >>>>> <saravanan.ramamoorthy.s@gmail.com> wrote:
>>>> >>>>>>
>>>> >>>>>> Hi Sergey,
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> Thanks for your continuous help.
>>>> >>>>>> I can able to get the value when the values are
given in the
>>>> header
>>>> >>>>>> part.
>>>> >>>>>> What is the case if the credentials are given in
Authentication
>>>> part.
>>>> >>>>>> I have attached the screenshot for giving the credentials
in aut
>>>> >>>>>> part.
>>>> >>>>>> In this case how can I retrieve the details.
>>>> >>>>>> http://old.nabble.com/file/p27468603/authentication.PNG
>>>> >>>>>> authentication.PNG
>>>> >>>>>>
>>>> >>>>>> Regards
>>>> >>>>>> SaravananRamamoorthy
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> Sergey Beryozkin-2 wrote:
>>>> >>>>>>>
>>>> >>>>>>> Can you post the value of this header please
?
>>>> >>>>>>> cheers, Sergey
>>>> >>>>>>>
>>>> >>>>>>>>
>>>> >>>>>>>> Hi Sergey,
>>>> >>>>>>>>
>>>> >>>>>>>> Yes. The authorization header is sent by
the client. I have
>>>> used
>>>> >>>>>>>> SOAPUI
>>>> >>>>>>>> for
>>>> >>>>>>>> this.
>>>> >>>>>>>>
>>>> >>>>>>>> Regards
>>>> >>>>>>>> SaravananRamamoorthy
>>>> >>>>>>>>
>>>> >>>>>>>>
>>>> >>>>>>>>
>>>> >>>>>>>> Sergey Beryozkin-2 wrote:
>>>> >>>>>>>>>
>>>> >>>>>>>>> I've already asked twice : is Authorization
header actually
>>>> being
>>>> >>>>>>>>> sent
>>>> >>>>>>>>> by
>>>> >>>>>>>>> a client ?
>>>> >>>>>>>>> Can you tell me please if it is the
case or not ? Try adding
>>>> a
>>>> >>>>>>>>> JAXRS
>>>> >>>>>>>>>
>>>> >>>>>>>>> @HeaderParam("Authorization") String
value
>>>> >>>>>>>>>
>>>> >>>>>>>>> to your jaxrs resource method and print
the resulting value.
>>>> >>>>>>>>>
>>>> >>>>>>>>> cheers. Sergey
>>>> >>>>>>>>>
>>>> >>>>>>>>>
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> Hi Sergey,
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> I tried with MessageContext , MessageContextImpl
and
>>>> >>>>>>>>>> SecurityContext.
>>>> >>>>>>>>>> But
>>>> >>>>>>>>>> it
>>>> >>>>>>>>>> always return null.
>>>> >>>>>>>>>> Do we need anything to be configure
in web.xml?
>>>> >>>>>>>>>> Regards
>>>> >>>>>>>>>> SaravananRamamoorthy
>>>> >>>>>>>>>>
>>>> >>>>>>>>>>
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> Sergey Beryozkin-2 wrote:
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> Please check
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> http://cxf.apache.org/docs/debugging-and-logging.html
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> and see the list of tools you
can use to check if the
>>>> >>>>>>>>>>> Authorization
>>>> >>>>>>>>>>> header
>>>> >>>>>>>>>>> is actually available on the
wire. I also like TcpTrace :
>>>> >>>>>>>>>>> http://www.pocketsoap.com/tcptrace/
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> Provided this header is present,
you can parse it manually
>>>> by
>>>> >>>>>>>>>>> using
>>>> >>>>>>>>>>> JAXRS
>>>> >>>>>>>>>>> @HeaderParam. I'm sure there're
plenty of Base64 decoding
>>>> >>>>>>>>>>> utils around and CXF has the
one too
>>>> >>>>>>>>>>> (org.apache.cxf.common.util.Base64Utility).
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> Alternatively youy can have
a @Context MessageContext
>>>> parameter
>>>> >>>>>>>>>>> passed
>>>> >>>>>>>>>>> in
>>>> >>>>>>>>>>> too and then do
>>>> >>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName());
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> Sergey
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>> ----- Original Message -----
>>>> >>>>>>>>>>> From: "SaravananRamamoorthy"
>>>> <saravanan.ramamoorthy.s@gmail.com>
>>>> >>>>>>>>>>> To: <users@cxf.apache.org>
>>>> >>>>>>>>>>> Sent: Wednesday, February 03,
2010 4:29 PM
>>>> >>>>>>>>>>> Subject: Re: Http basic authentication
in JAX RS
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Hi Sergey,
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Thanks for your suggestions.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> I am new to apache cxf.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Is there any direct interface
or context availabe to
>>>> receive
>>>> >>>>>>>>>>>> the
>>>> >>>>>>>>>>>> authentication details just
like @QueryParam.(for
>>>> receiving
>>>> >>>>>>>>>>>> query
>>>> >>>>>>>>>>>> string).
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> It is enough to print the
username and the password in the
>>>> >>>>>>>>>>>> console.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Please provide the solution.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Regards
>>>> >>>>>>>>>>>> Saravanan R
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> Sergey Beryozkin-2 wrote:
>>>> >>>>>>>>>>>>>
>>>> >>>>>>>>>>>>> Actually, just looked
at the source of
>>>> MessageContextImpl, it
>>>> >>>>>>>>>>>>> should
>>>> >>>>>>>>>>>>> be
>>>> >>>>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName())
when
>>>> retrieving
>>>> >>>>>>>>>>>>> it from MessageContext
given that uses toString() on the
>>>> >>>>>>>>>>>>> object
>>>> >>>>>>>>>>>>> keys.
>>>> >>>>>>>>>>>>> Also make sure you're
actually seeing an Authorization
>>>> header
>>>> >>>>>>>>>>>>> on
>>>> >>>>>>>>>>>>> the
>>>> >>>>>>>>>>>>> wire
>>>> >>>>>>>>>>>>>
>>>> >>>>>>>>>>>>> cheers, Sergey
>>>> >>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> Hi Sergey,
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> I tried with your
suggestions like
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> public Response
getCredentials(@Context MessageContext
>>>> mc)
>>>> >>>>>>>>>>>>>> {
>>>> >>>>>>>>>>>>>> AuthorizationPolicy
policy =
>>>> >>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class);
>>>> >>>>>>>>>>>>>>            
   System.out.println(policy.getUserName());
>>>> >>>>>>>>>>>>>>            
   .......
>>>> >>>>>>>>>>>>>>            
   .......
>>>> >>>>>>>>>>>>>> When I tried to
give the Authentication from SOAP UI, I
>>>> got
>>>> >>>>>>>>>>>>>> null.
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> Please correct me
where I did the mistake.
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> Regards
>>>> >>>>>>>>>>>>>> Saravanan R
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> Sergey Beryozkin-2
wrote:
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>> Hi
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>> The only way
at the moment to get AuthorizationPolicy
>>>> object
>>>> >>>>>>>>>>>>>>> in
>>>> >>>>>>>>>>>>>>> the
>>>> >>>>>>>>>>>>>>> app
>>>> >>>>>>>>>>>>>>> code is to do
something like this :
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>> @Context MessageContext
mc;
>>>> >>>>>>>>>>>>>>> ....
>>>> >>>>>>>>>>>>>>> AuthorizationPolicy
policy =
>>>> >>>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class);
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>> cheers, Sergey
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>> Hi All,
>>>> >>>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>> I am creating
REST application using JAX RS.
>>>> >>>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>> I am using
SOAPUI to test the application.
>>>> >>>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>> My Rest
needs to receive the Http Basic Authentication
>>>> from
>>>> >>>>>>>>>>>>>>>> the
>>>> >>>>>>>>>>>>>>>> SOAPUI.
>>>> >>>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>> I just want
to receive the authentication details like
>>>> >>>>>>>>>>>>>>>> username,password
and
>>>> >>>>>>>>>>>>>>>> domain in
JAX RS method.
>>>> >>>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>> Can anyone
give the idea how to get the authentication
>>>> >>>>>>>>>>>>>>>> details
>>>> >>>>>>>>>>>>>>>> in
>>>> >>>>>>>>>>>>>>>> the
>>>> >>>>>>>>>>>>>>>> parameter
of the method.
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>> I ended up not
needing this, but I experimented with
>>>> >>>>>>>>>>>>>>> creating
>>>> >>>>>>>>>>>>>>> an
>>>> >>>>>>>>>>>>>>> "AuthorizationRequestHandler"
class (implements
>>>> >>>>>>>>>>>>>>> RequestHandler)
>>>> >>>>>>>>>>>>>>> and
>>>> >>>>>>>>>>>>>>> putting that
in my "jaxrs:providers" list.  That
>>>> requires a
>>>> >>>>>>>>>>>>>>> "handleRequest(Message
message, ClassResourceInfo
>>>> >>>>>>>>>>>>>>> classResourceInfo)"
>>>> >>>>>>>>>>>>>>> method, where
I can call "AuthorizationPolicy policy  =
>>>> >>>>>>>>>>>>>>> message.get(AuthorizationPolicy.class);".
 The
>>>> >>>>>>>>>>>>>>> AuthorizationPolicy
>>>> >>>>>>>>>>>>>>> contains the
username and password.
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>> What is not
clear to me, however, is where this object
>>>> is
>>>> >>>>>>>>>>>>>>> available
>>>> >>>>>>>>>>>>>>> somehow at the
controller level.
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>> --
>>>> >>>>>>>>>>>>>> View this message
in context:
>>>> >>>>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-
>>>> RS-tp27416364p27437539.html
>>>> >>>>>>>>>>>>>> Sent from the cxf-user
mailing list archive at
>>>> Nabble.com.
>>>> >>>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>
>>>> >>>>>>>>>>>>>
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>> --
>>>> >>>>>>>>>>>> View this message in context:
>>>> >>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>>> tp27416364p27439212.html
>>>> >>>>>>>>>>>> Sent from the cxf-user mailing
list archive at Nabble.com.
>>>> >>>>>>>>>>>>
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> --
>>>> >>>>>>>>>> View this message in context:
>>>> >>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>>> tp27416364p27452426.html
>>>> >>>>>>>>>> Sent from the cxf-user mailing list
archive at Nabble.com.
>>>> >>>>>>>>>>
>>>> >>>>>>>>>
>>>> >>>>>>>>>
>>>> >>>>>>>>
>>>> >>>>>>>> --
>>>> >>>>>>>> View this message in context:
>>>> >>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>>> tp27416364p27467082.html
>>>> >>>>>>>> Sent from the cxf-user mailing list archive
at Nabble.com.
>>>> >>>>>>>>
>>>> >>>>>>>
>>>> >>>>>>>
>>>> >>>>>>
>>>> >>>>>> --
>>>> >>>>>> View this message in context:
>>>> >>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>>> tp27416364p27468603.html
>>>> >>>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>
>>>> >>>>>
>>>> >>>>
>>>> >>>> --
>>>> >>>> View this message in context:
>>>> >>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>>> tp27416364p27469191.html
>>>> >>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>> >>>>
>>>> >>>>
>>>> >>>
>>>> >>>
>>>> >>
>>>> >> --
>>>> >> View this message in context:
>>>> >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-
>>>> tp27416364p27470023.html
>>>> >> Sent from the cxf-user mailing list archive at Nabble.com.
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>> --
>>>> View this message in context: http://old.nabble.com/Http-basic-
>>>> authentication-in-JAX-RS-tp27416364p27470342.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Http-basic-authentication-in-JAX-RS-tp27416364p27495332.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>

Mime
View raw message