cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: Secure CXF rsServer with Jaas authentication
Date Fri, 11 Apr 2014 11:08:15 GMT
Hi Andrei
On 10/04/14 19:13, Andrei Shakirin wrote:
> Hi,
>
> I am redirecting the question into user list, if you don't mind.
>
> I think OAuth 2.0 client credentials could be elegant solution for this case (https://cxf.apache.org/docs/jax-rs-oauth2.html).
> You will be able to authenticate client first time with HTTP basic credentials against
OAuth Authentication Service (authentication can be JAAS based) and issue AccessToken (and
RefreshToken).
> For further call Resource Service will validate AccessToken and you don't need to send
HTTP basic credentials anymore.
>
> Second option is using SAML authentication token and STS with JAAS extension, but this
is more involved (https://cxf.apache.org/docs/jax-rs-saml.html ).
>
I think it is a perfect summary of the options on the RS path

Cheers, Sergey
> Does it make sense for you?
>
> Regards,
> Andrei.
>
>> -----Original Message-----
>> From: Honey Goyal [mailto:er.honey2012@gmail.com]
>> Sent: Donnerstag, 10. April 2014 10:06
>> To: dev@cxf.apache.org
>> Subject: Secure CXF rsServer with Jaas authentication
>>
>> Hi,
>>
>> I am newbie to CXF. I have configured CXF JAASAuthenticationFilter to
>> authenticate by jaas realm to each rest call. But each time i had to pass Basic
>> Authenticate header to authenticate it. Can i configure any token based login
>> along with JAAS? So that only first time it authenticate with jaas and return any
>> auth token. Next time only i need that auth token to make call from client side.
>>
>> This is my working blueprint
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <blueprint
>> 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> 	xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>>      xmlns:camel="http://camel.apache.org/schema/blueprint"
>>      xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
>>      xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
>>      xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs"
>>      xsi:schemaLocation="
>> 		http://www.osgi.org/xmlns/blueprint/v1.0.0
>> http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
>> 		http://camel.apache.org/schema/blueprint/cxf
>> http://camel.apache.org/schema/blueprint/cxf/camel-cxf.xsd
>> 		http://cxf.apache.org/blueprint/jaxrs
>> http://cxf.apache.org/schemas/blueprint/jaxrs.xsd
>> 		http://camel.apache.org/schema/blueprint
>> http://camel.apache.org/schema/blueprint/camel-blueprint.xsd" >
>>
>> 	<cm:property-placeholder persistent-id="com.xxxx.cp.securitytoken">
>>             <cm:default-properties>
>>                <cm:property name="myapp.api.url"
>> value="http://localhost:80/v1" />
>>             </cm:default-properties>
>>          </cm:property-placeholder>
>>
>>        	<cxf:rsServer id="rsServer" address="/security"
>> serviceClass="com.xxxx.cp.securitytoken.SecurityTokenServiceImpl">
>> 	    <cxf:providers>
>> 	       <ref component-id="authorizationFilter"/>
>> 	    </cxf:providers>
>>     	  </cxf:rsServer>
>>
>>          < bean id="authorizationFilter"
>> class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter">
>>   	             Name of the JAAS Context
>>   	             <property name="contextName" value="myRealm"/>
>>   	       </bean>
>>
>>   	<camelContext xmlns="http://camel.apache.org/schema/blueprint"
>> id="security">
>>   	     <route>
>> 		<from uri="cxfrs://bean://rsServer"/>
>> 		<to uri="{{myapp.api.url}}?bridgeEndpoint=true" />
>>   	     </route>
>>   	</camelContext>
>>
>> </blueprint>
>>
>>
>>
>> --
>> View this message in context: http://cxf.547215.n5.nabble.com/Secure-CXF-
>> rsServer-with-Jaas-authentication-tp5742659.html
>> Sent from the cxf-dev mailing list archive at Nabble.com.


Mime
View raw message