cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angelo zerr <angelo.z...@gmail.com>
Subject Re: HTTP Basic CXF Interceptor with BasicAuthAuthorizationInterceptor
Date Tue, 14 Jun 2011 10:29:56 GMT
Hi Christian ,

Thank a lot for your information. In my case I'm using Tomcat and WebSphere
but Authentification must be delegate to our own security manager. That's
why I need to manage basic autnetification. I don't use Spring to publish my
webservice (just with Java code with Endpoint#publish).

Regards Angelo

2011/6/14 Christian Schneider <chris@die-schneider.net>

> Hi Angelo,
>
> do you run your service in Tomcat or standalone? If you run in tomcat or
> any similar servlet container you can setup authnentication and
> authorization using the container. Then CXF
> will fetch the authenticated principal which you can use in CXF. For
> example you can combine this with spring security to do role based
> authentication on method level. If you only need authentication based on the
> url of the endpoint then the features of the container are often even
> enough.
>
> So for many use cases you donĀ“t need a special interceptor.
>
> We have an example how to secure a cxf service using camel and spring
> security in the Talend Integration Factory examples:
> https://github.com/Talend/tif/tree/master/examples/spring-security
>
> Like said this example also includes camel so it is not exactly what you
> want but I think it can be adapted to use cxf only. The main thing is simply
> to make sure the spring security authentication is done and to wire in the
> processing of jsr 250 annotations.
>
> This does the spring authentication:
>
> <filter>
> <filter-name>springSecurityFilterChain</filter-name>
>
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>springSecurityFilterChain</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
>
> This enables annotation processing by spring:
>
>  <global-method-security  jsr250-annotations="enabled"  xmlns="
> http://www.springframework.org/schema/security"/>
>
>
>
> Best regards
>
> Christian
>
>
> Am 13.06.2011 17:34, schrieb Angelo zerr:
>
>  Hi CXF Team,
>>
>> I would like to manage WebService with HTTP Basic CXF Interceptor and I
>> have
>> not found this interceptor in the CXF. So I have used the great code from
>>
>> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/and
>> it works great.
>> I have noticed that some projects like
>>
>> http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111have
>> used this code and I tell me why CXF doesn't include the
>> BasicAuthAuthorizationInterceptor class?
>>
>> I have modified BasicAuthAuthorizationInterceptor to delegate
>> user/password
>> to another interface implementation and if you wish I could send you my
>> work
>> and tell to the author of the BasicAuthAuthorizationInterceptor if he is
>> OK
>> to contribute to CXF.
>>
>> Thank a lot for your answer.
>>
>> Regards Angelo
>>
>>
>
> --
> --
> Christian Schneider
> http://www.liquid-reality.de
>
> Open Source Architect
> Talend Application Integration Division http://www.talend.com
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message