cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <>
Subject RE: JAX-RS Security - Authentication
Date Wed, 07 May 2014 06:24:00 GMT
Hi Paul,

a) If user is not authenticated, the getting username and password depending on authentication
schema. For example for HTTP basic, CXF packs authentication information into AuthorizationPolicy:
        AuthorizationPolicy policy = (AuthorizationPolicy)message.get(AuthorizationPolicy.class);
        String username = policy.getUserName();
        String password = policy.getPassword();

b) If user already authenticated, for example with JAAS, you can get user name from SecurityContext
SecurityContext securityContext;

or in filter:


From: Paul Avijit [] 
Sent: Mittwoch, 7. Mai 2014 00:11
To:; Andrei Shakirin
Subject: Re: JAX-RS Security - Authentication

Thanks Andrei.

I have used ContainerRequestFilter and could make it work successfully.

How can I get the username in my service implementation class.

On Tuesday, May 6, 2014 6:14 AM, Andrei Shakirin <> wrote:

I assume you mean JAASAuthenticationFilter. 
This filter use JAAS to authenticate users:

You should set up  JAAS configuration for your application server, looks like for example
so for LDAP:
ldap { required
    connection.username = cn=Directory Manager
    connection.password = myPassword
    connection.url = ldap://localhost:389
    user.base.dn = ou=employees,dc=example,dc=com
    user.filter = (uid=%u) = true
    role.base.dn = ou=roles,dc=example,dc=com
    role.filter = (member:=uid=%u) = cn = true
    authentication = simple

Refer your Application Server documentation to see where jaas configuration should be located
and which login modules are available.

Alternative you can use non-jaas RequestHandler (ContainerRequestFilter for jax-rs 2.0) and
authenticate user using other mechanism.


> -----Original Message-----
> From: Paul Avijit []
> Sent: Dienstag, 6. Mai 2014 00:32
> To:
> Subject: JAX-RS Security - Authentication
> Hi,
> I have a REST Service which I want to secure by authenticating the user. I have
> referred the following CXF user guide link:
> Authentication
> In the above link, it describes how to configure authentication filter using jaxrs
> provider in spring context file.
> The authentication filter has a property, contextName and is configured to use
> the login context "BookLogin".
> How do I develop and configure this login context in an application server.
> Please help.
> Thanks in advance.
> Regards
> Paul

View raw message