cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Freeman Fang <freeman.f...@gmail.com>
Subject Re: Authentication / Authorization with with http jetty transport in standalone mode
Date Thu, 25 Nov 2010 13:32:44 GMT
Hi,
To enable server side HTTP Basic Auth, we need an interceptor to do  
it,  the basic idea is extract AuthorizationPolicy from the incoming  
message and compare the username/password, but it's not so  
complicated, here is a good article[1] to show how to do it.

Or another way to configure server side basic auth could be configure  
the jetty instance to handle the authentication,  as Jetty has a  
"SecurityHandler" that can be configured into the handlers via CXF  
config.

Hope this helps.
[1]http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/

Freeman
On 2010-11-25, at 下午8:51, Schneider Christian wrote:

> Hi all,
>
> I already know how to configure security in a servlet environment  
> but the service uses the built in jetty to open the http port. I  
> have not yet found any information on how to set up authentication /  
> authorization in this case.
>
> In my case basic auth against a static set of usernames / passwords  
> would be enough for authentication.
> For authorization a static group would be ok. Ideal would be to get  
> the group from LDAP.
>
> Can I simply do these configs in the jetty instance somehow?
>
> Best regards
>
> Christian
>
>
> Christian Schneider
> Informationsverarbeitung
> Business Solutions
> Handel und Dispatching
>
> Tel : +49-(0)721-63-15482
>
> EnBW Systeme Infrastruktur Support GmbH
> Sitz der Gesellschaft: Karlsruhe
> Handelsregister: Amtsgericht Mannheim ‑ HRB 108550
> Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck
> Geschäftsführer: Jochen Adenau, Hans-Günther Meier
>
>
>


-- 
Freeman Fang

------------------------

FuseSource: http://fusesource.com
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message