cxf-users mailing list archives

From Sergey Beryozkin <>
Subject Re: Simple Problem - Restful HTTP Basic Auth over HTTPS
Date Mon, 19 Aug 2013 06:57:43 GMT

On 18/08/13 23:30, rpd wrote:
> Dear Sergey
> Thanks very much for responding so quickly.  I looked up what I could find
> on CXFServlet and understand that I must deploy it in my web.xml. So that
> solves the https issue so long as I configure Tomcat SSL etc.
> However, I don't think that you're advising me to extend CXFServlet in my
> code instead of HttpServlet and therefore write normal servlet code. So,
> given that I am not writing the all-familiar servlet, that leaves me
> wondering how a service that I implement is going to...

CXFServlet is a regular Servlet whose primary goal is to route a current 
HTTP request to a WS or RS endpoint. My understanding was, you were 
preferring to keep using Servlet-level declarative security, right? So 
I believe you can apply all the security-constraints to CXFServlet, 
for example, tell Tomcat it should do Basic authentication.

> (a) perform the HTTP basic auth

See above; using JAAS would be another option.

> (b) allow me to access the user-name (I think you called the principal)
> against the session.
You can inject JAX-RS SecurityContext into your service code and access 
Principal (and its name).

> Take, for example, the code fragment on pages 175-176 of the Apache CXF Web
> Development book - the "CategoryService" class.  Suppose that all methods
> require as a pre-condition that the requestor be authenticated. Suppose also
> that I needed to obtain the user-name in one or all of the methods (e.g. the
> getCategory method).
> How would I modify this code to get what I need and what would I need to
> setup beforehand apart from the deployment of the CXFServlet?  (NB we're not
> Spring guys either I'm afraid)
I don't own the copy, but I'm hoping what I said above should clarify 
things more.

Cheers, Sergey

> best regards, Rob.

Sergey Beryozkin

Talend Community Coders
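
The approach described in the reply above, as an added example that is not part of the original message and is not the book's code: a JAX-RS resource that reads the caller's name from an injected SecurityContext and fails closed if the container did not authenticate the request. The class shape, the paths and the helper `requireAuthenticatedUser` are assumptions made for illustration.

```java
import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Assumed deployment: web.xml maps CXFServlet and protects its url-pattern with
// a <security-constraint> (<auth-constraint> plus <user-data-constraint> with
// <transport-guarantee>CONFIDENTIAL</transport-guarantee>) and
// <login-config><auth-method>BASIC</auth-method></login-config>, so Tomcat
// authenticates the caller over HTTPS before the request reaches this class.
@Path("/categoryservice") // hypothetical path
public class CategoryService {

    // Injected by the JAX-RS runtime; reflects the current request.
    @Context
    private SecurityContext securityContext;

    @GET
    @Path("/category/{id}") // hypothetical path
    @Produces(MediaType.TEXT_PLAIN)
    public String getCategory(@PathParam("id") String id) {
        String user = requireAuthenticatedUser();
        return "category " + id + " requested by " + user;
    }

    // Hypothetical helper: refuse the call if the container constraint is
    // missing or misconfigured instead of serving an anonymous request.
    private String requireAuthenticatedUser() {
        Principal principal = securityContext.getUserPrincipal();
        if (principal == null) {
            // No authenticated caller: the security-constraint did not apply.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        if (!securityContext.isSecure()) {
            // Basic credentials are only base64-encoded; reject plain HTTP.
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        return principal.getName();
    }
}
```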

