cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <ashaki...@talend.com>
Subject RE: Secure CXF rsServer with Jaas authentication
Date Thu, 10 Apr 2014 18:13:11 GMT
Hi,

I am redirecting the question into user list, if you don't mind.

I think OAuth 2.0 client credentials could be elegant solution for this case (https://cxf.apache.org/docs/jax-rs-oauth2.html).

You will be able to authenticate client first time with HTTP basic credentials against OAuth
Authentication Service (authentication can be JAAS based) and issue AccessToken (and RefreshToken).
For further call Resource Service will validate AccessToken and you don't need to send HTTP
basic credentials anymore.

Second option is using SAML authentication token and STS with JAAS extension, but this is
more involved (https://cxf.apache.org/docs/jax-rs-saml.html ).

Does it make sense for you?

Regards,
Andrei.

> -----Original Message-----
> From: Honey Goyal [mailto:er.honey2012@gmail.com]
> Sent: Donnerstag, 10. April 2014 10:06
> To: dev@cxf.apache.org
> Subject: Secure CXF rsServer with Jaas authentication
> 
> Hi,
> 
> I am newbie to CXF. I have configured CXF JAASAuthenticationFilter to
> authenticate by jaas realm to each rest call. But each time i had to pass Basic
> Authenticate header to authenticate it. Can i configure any token based login
> along with JAAS? So that only first time it authenticate with jaas and return any
> auth token. Next time only i need that auth token to make call from client side.
> 
> This is my working blueprint
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint
> 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> 	xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>     xmlns:camel="http://camel.apache.org/schema/blueprint"
>     xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
>     xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
>     xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs"
>     xsi:schemaLocation="
> 		http://www.osgi.org/xmlns/blueprint/v1.0.0
> http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
> 		http://camel.apache.org/schema/blueprint/cxf
> http://camel.apache.org/schema/blueprint/cxf/camel-cxf.xsd
> 		http://cxf.apache.org/blueprint/jaxrs
> http://cxf.apache.org/schemas/blueprint/jaxrs.xsd
> 		http://camel.apache.org/schema/blueprint
> http://camel.apache.org/schema/blueprint/camel-blueprint.xsd" >
> 
> 	<cm:property-placeholder persistent-id="com.xxxx.cp.securitytoken">
>            <cm:default-properties>
>               <cm:property name="myapp.api.url"
> value="http://localhost:80/v1" />
>            </cm:default-properties>
>         </cm:property-placeholder>
> 
>       	<cxf:rsServer id="rsServer" address="/security"
> serviceClass="com.xxxx.cp.securitytoken.SecurityTokenServiceImpl">
> 	    <cxf:providers>
> 	       <ref component-id="authorizationFilter"/>
> 	    </cxf:providers>
>    	  </cxf:rsServer>
> 
>         < bean id="authorizationFilter"
> class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter">
>  	             Name of the JAAS Context
>  	             <property name="contextName" value="myRealm"/>
>  	       </bean>
> 
>  	<camelContext xmlns="http://camel.apache.org/schema/blueprint"
> id="security">
>  	     <route>
> 		<from uri="cxfrs://bean://rsServer"/>
> 		<to uri="{{myapp.api.url}}?bridgeEndpoint=true" />
>  	     </route>
>  	</camelContext>
> 
> </blueprint>
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Secure-CXF-
> rsServer-with-Jaas-authentication-tp5742659.html
> Sent from the cxf-dev mailing list archive at Nabble.com.

Mime
View raw message