cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angelo zerr <angelo.z...@gmail.com>
Subject Re: HTTP Basic CXF Interceptor with BasicAuthAuthorizationInterceptor
Date Tue, 14 Jun 2011 11:53:25 GMT
2011/6/14 Sergey Beryozkin <sberyozkin@gmail.com>

> Hi Angelo, sorry for a delay, yes, that what I meant
>

No problem:) Ok I have implemented this feature. Now I tell me if
SecurityContext should be implemented (if Principal is null) for Basic
Interceptor like JAASLoginInterceptor which put a SecurityContext. The only
question is how set roles? But if we do that we could use
afterSimpleAuthorizingInterceptor

Regards Angelo


> On Tue, Jun 14, 2011 at 10:54 AM, Angelo zerr <angelo.zerr@gmail.com>
> wrote:
> > Ok I believe understand your idea about realm. I have added a setter in
> my
> > Interceptor :
> >
> > AbstractBasicAuthAuthorizationInterceptor#setRealName(String realName)
> which
> > compute WWW-Authenticate.
> > Ex : AbstractBasicAuthAuthorizationInterceptor#setRealName("MyRealm")
> will
> > returns
> >
> > WWW-Authenticate: Basic realm="MyRealm"
> >
> > If no realm defined,  WWW-Authenticate is not returned. Is that your
> idea?
> > WWW-Authenticate is not required? Do you think we should set a default
> value
> > for Realm?
> >
> > Regards Angelo
> >
> > 2011/6/14 Angelo zerr <angelo.zerr@gmail.com>
> >
> >> Hi Sergey,
> >>
> >> 2011/6/14 Sergey Beryozkin <sberyozkin@gmail.com>
> >>
> >>> Hi
> >>>
> >>> That interceptor should be more neutral, should' not extend a SOAP
> >>> interceptor.
> >>>
> >>
> >> Ok, I have done like JAASLoginInterceptor (extends
> >> AbstractPhaseInterceptor<Message> + constructor initialized with
> >> super(Phase.UNMARSHAL);) and it works.
> >>
> >>
> >>> The other thing you may want to do is to configure it with a realm
> >>> name and if it's not set then
> >>> do not add a realm parameter to the response.
> >>>
> >>
> >> Could you explain me more your idea please.
> >>
> >>
> >>>
> >>> FYI, CXF ships JAASLoginInterceptor - which will check if Basic (or
> >>> other similar HTTP Authorization type was set)
> >>> and then will delegate to JAAS to do the actual authentication:
> >>> http://cxf.apache.org/docs/security.html#Security-Authentication
> >>>
> >>> I propose that you create a patch in rt/core,
> >>> org.apache.cxf.interceptor.security package, that will make it easier
> >>> for me to move the relevant code to a rt/security module
> >>>
> >>
> >> My first idea is to create a WTP sample application with my code (I have
> >> created org.apache.cxf.interceptor.security.basic package) and send you
> with
> >> sample which work.
> >>  After I could create a patch if you need.
> >>
> >> Regards Angelo
> >>
> >>>
> >>> Thanks, Sergey
> >>>
> >>> On Tue, Jun 14, 2011 at 7:38 AM, Angelo zerr <angelo.zerr@gmail.com>
> >>> wrote:
> >>> > Hi Freeman,
> >>> >
> >>> > Thank a lot for your answer. I will prepare you a contribution and
> send
> >>> you.
> >>> >
> >>> > Regards Angelo
> >>> >
> >>> > 2011/6/14 Freeman Fang <freeman.fang@gmail.com>
> >>> >
> >>> >> Hi,
> >>> >>
> >>> >> Sure, any contribution is welcome.
> >>> >>
> >>> >> And in CXF we also can use jetty security handler to enable basic
> auth
> >>> >> which can configure the realm easily, we have a system testcase
for
> >>> it[1],
> >>> >> you may wanna take a look.
> >>> >>
> >>> >> [1]
> >>> >>
> >>>
> https://svn.apache.org/repos/asf/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/JettyBasicAuthTest.java
> >>> >> Freeman
> >>> >>
> >>> >> On 2011-6-13, at 下午11:34, Angelo zerr wrote:
> >>> >>
> >>> >>  Hi CXF Team,
> >>> >>>
> >>> >>> I would like to manage WebService with HTTP Basic CXF Interceptor
> and
> >>> I
> >>> >>> have
> >>> >>> not found this interceptor in the CXF. So I have used the great
> code
> >>> from
> >>> >>>
> >>> >>>
> >>>
> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/and
> >>> >>> it works great.
> >>> >>> I have noticed that some projects like
> >>> >>>
> >>> >>>
> >>>
> http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111have
> >>> >>> used this code and I tell me why CXF doesn't include the
> >>> >>> BasicAuthAuthorizationInterceptor class?
> >>> >>>
> >>> >>> I have modified BasicAuthAuthorizationInterceptor to delegate
> >>> >>> user/password
> >>> >>> to another interface implementation and if you wish I could
send
> you
> >>> my
> >>> >>> work
> >>> >>> and tell to the author of the BasicAuthAuthorizationInterceptor
if
> he
> >>> is
> >>> >>> OK
> >>> >>> to contribute to CXF.
> >>> >>>
> >>> >>> Thank a lot for your answer.
> >>> >>>
> >>> >>> Regards Angelo
> >>> >>>
> >>> >>
> >>> >> ---------------------------------------------
> >>> >> Freeman Fang
> >>> >>
> >>> >> FuseSource
> >>> >> Email:ffang@fusesource.com
> >>> >> Web: fusesource.com
> >>> >> Twitter: freemanfang
> >>> >> Blog: http://freemanfang.blogspot.com
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>>
> >>
> >>
> >
>
>
>
> --
> Sergey Beryozkin
>
> Application Integration Division of Talend
> http://sberyozkin.blogspot.com
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message