cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Schneider <>
Subject Re: HTTP Basic CXF Interceptor with BasicAuthAuthorizationInterceptor
Date Tue, 14 Jun 2011 17:04:00 GMT
I think we can provide an authentication hook in form of an interface 
that people can implement. Like:

interface UserPasswordAuthenticationProvider {
   boolean authenticate(String userName, String password);

This could be called by the interceptor to check the authentication.

We would of course also need a way to gather the roles/groups. Either as 
a list of roles or as a isInGroup callback.

To store the authentication result the DefaultSecurityContext or the 
RolePrefixSecurityContextImpl could be used.
I donĀ“t think we need to reimplement SecurityContext.


Am 14.06.2011 18:40, schrieb Sergey Beryozkin:
> I can actually see the source (thanks to Christian for pointing me to
> it :-)) but I'd like to understand what are you trying to do besides
> enforcing that BasicAuth is there. I thought you needed to get
> username&  password and get the custom authentication done by
> interacting somehow with your custom SecurityManager, right ?  I'm not
> sure we can generilize that process in CXF itself, the process of
> communicating with the custom SecurityManager - JAAS or/and Spring is
> there for that.

Christian Schneider

Open Source Architect
Talend Application Integration Division

View raw message