cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <ashaki...@talend.com>
Subject RE: JAX-RS Security - Authentication
Date Wed, 07 May 2014 06:24:00 GMT
Hi Paul,

a) If user is not authenticated, the getting username and password depending on authentication
schema. For example for HTTP basic, CXF packs authentication information into AuthorizationPolicy:
        AuthorizationPolicy policy = (AuthorizationPolicy)message.get(AuthorizationPolicy.class);
        String username = policy.getUserName();
        String password = policy.getPassword();

b) If user already authenticated, for example with JAAS, you can get user name from SecurityContext
principle:
@Context
SecurityContext securityContext;
...
securityContext.getUserPrincipal();

or in filter:
requestContext.getSecurityContext().getUserPrincipal();

Regards,
Andrei.

From: Paul Avijit [mailto:paulavijit@yahoo.com] 
Sent: Mittwoch, 7. Mai 2014 00:11
To: users@cxf.apache.org; Andrei Shakirin
Subject: Re: JAX-RS Security - Authentication

Thanks Andrei.

I have used ContainerRequestFilter and could make it work successfully.

How can I get the username in my service implementation class.

Regards
Paul
On Tuesday, May 6, 2014 6:14 AM, Andrei Shakirin <ashakirin@talend.com> wrote:
Hi,

I assume you mean JAASAuthenticationFilter. 
This filter use JAAS to authenticate users: http://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service


You should set up  JAAS configuration for your application server, looks like for example
so for LDAP:
jaas.config:
ldap { 
    com.sun.security.auth.module.LDAPLoginModule required
    initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
    connection.username = cn=Directory Manager
    connection.password = myPassword
    connection.url = ldap://localhost:389
    user.base.dn = ou=employees,dc=example,dc=com
    user.filter = (uid=%u)
    user.search.subtree = true
    role.base.dn = ou=roles,dc=example,dc=com
    role.filter = (member:=uid=%u)
    role.name.attribute = cn
    role.search.subtree = true
    authentication = simple
};

Refer your Application Server documentation to see where jaas configuration should be located
and which login modules are available.

Alternative you can use non-jaas RequestHandler (ContainerRequestFilter for jax-rs 2.0) and
authenticate user using other mechanism.

Regards,
Andrei.

> -----Original Message-----
> From: Paul Avijit [mailto:paulavijit@yahoo.com]
> Sent: Dienstag, 6. Mai 2014 00:32
> To: users@cxf.apache.org
> Subject: JAX-RS Security - Authentication
> 
> Hi,
> 
> I have a REST Service which I want to secure by authenticating the user. I have
> referred the following CXF user guide link:
> http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-
> Authentication
> 
> In the above link, it describes how to configure authentication filter using jaxrs
> provider in spring context file.
> 
> The authentication filter has a property, contextName and is configured to use
> the login context "BookLogin".
> 
> How do I develop and configure this login context in an application server.
> Please help.
> 
> Thanks in advance.
> 
> Regards
> Paul


Mime
View raw message