cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Langella <stephen.lange...@inventrio.com>
Subject Rest Security
Date Fri, 17 Sep 2010 01:08:08 GMT

	I have developed a rest service that uses https/SSL with client authentication.   I can have
deployed the service and tested it using client proxies create with JAXRSClientFactory.  I
have confirmed that the authentication is working and that the client can connect to the service
etc.   What I am trying to do now is get the client's authentication identity such that I
can make an authorization decision within the service.   I have annotated my rest service
implementation using @Context such that both the javax.ws.rs.core.SecurityContext and org.apache.cxf.jaxrs.ext.MessageContext
get injected.   I have validated that both do get injected at runtime.   The problem I am
running into is when I call to getUserPrincipal(), it returns null, when I am expecting the
client's DN.  In addition when I call getAuthenticationScheme(), it returns "Unknown scheme",
when I am expecting "CLIENT_CERT_AUTH".  Any ideas on what I might be doing wrong?  Thanks
in advance.

--Steve


Stephen Langella

Inventrio
545 Metro Place South, Suite 475
Dublin, OH 43017
Phone: (614) 389-2795 x102
Fax: (614) 522-6249
Email: Stephen.Langella@inventrio.com
http://www.inventrio.com









Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message