Return-Path: X-Original-To: apmail-cxf-users-archive@www.apache.org Delivered-To: apmail-cxf-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0D670C1DE for ; Thu, 21 Jun 2012 21:35:40 +0000 (UTC) Received: (qmail 33627 invoked by uid 500); 21 Jun 2012 21:35:39 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 33577 invoked by uid 500); 21 Jun 2012 21:35:39 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 33568 invoked by uid 99); 21 Jun 2012 21:35:39 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2012 21:35:39 +0000 X-ASF-Spam-Status: No, hits=0.6 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of sberyozkin@gmail.com designates 74.125.83.41 as permitted sender) Received: from [74.125.83.41] (HELO mail-ee0-f41.google.com) (74.125.83.41) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2012 21:35:32 +0000 Received: by eekb47 with SMTP id b47so464413eek.0 for ; Thu, 21 Jun 2012 14:35:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=YMLntdMWLjnAcFYIQeCR4H7YPIHlsGcMjSZA70BGOCA=; b=PJ0QUZ5qEbhZcQnVkjAw8Ad9DKhWVZb0va/j2jRYJGJ79Qj7u5/yFIieA2dpEWW8Me tDIReAXG483ukBIiROEtXzOrIhIHR3CXLYsyqMeI7qrvla7QUjuf5D2FBejD6ozEJG6Z xjTx6X9rZ+4ue/ZI5omaVtBRvkC7rF3HU56tlngaZ+pbvkVbJHxgL6PP0JZLsiBX15db KprL85iWXE3C7ZP+LTDngKoinydNXvUgWrt6h/sImQXI80rXpJnJXBL/MJl72YLgqZ5U 354YyY6Zyavqwf+92bPUzLcrxRL+4PFOWldY1XCmMgH3EcR1PfmRinOchxO8wDqunZwA wHyw== Received: by 10.14.95.199 with SMTP id p47mr6353077eef.22.1340314512197; Thu, 21 Jun 2012 14:35:12 -0700 (PDT) Received: from [192.168.2.3] ([89.100.138.91]) by mx.google.com with ESMTPS id q53sm106594818eef.8.2012.06.21.14.35.11 (version=SSLv3 cipher=OTHER); Thu, 21 Jun 2012 14:35:11 -0700 (PDT) Message-ID: <4FE3938D.9080109@gmail.com> Date: Thu, 21 Jun 2012 22:35:09 +0100 From: Sergey Beryozkin User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: users@cxf.apache.org CC: semecxf Subject: Re: CORS and Http Basic Authentication References: <1340297547483-5710112.post@n5.nabble.com> In-Reply-To: <1340297547483-5710112.post@n5.nabble.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 21/06/12 17:52, semecxf wrote: > I have authentication class which implements > org.apache.cxf.jaxrs.ext.RequestHandler to do authentication. > My code works fine, except with cors. > In cors request (AuthorizationPolicy)message.get(AuthorizationPolicy.class) > returns null therefore I can't get user name and password. > > Any body knows how cors and http basic authentication work? > this entry provides some useful info: http://avalanche123.com/blog/2011/10/10/cross-domain-javascript-lessons-learned/ By the way, we may need to enhance the CXF CORS filter to return 'Access-Control-Allow-Credentials: true' if it's configured to enforce BasicAuth and no AuthorizationPolicy is available. Sergey > -- > View this message in context: http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Sergey Beryozkin Talend Community Coders http://coders.talend.com/ Blog: http://sberyozkin.blogspot.com