You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cxf.apache.org by "jeremy.kittel" <je...@mediabeacon.com> on 2015/04/28 18:48:30 UTC

Dynamic Enable/Disable

I've a question about Fediz. I'm currently using to protect a jetty
web application and wondering if it is possible to enable/disable
Fediz authentication dynamically?


For instance I've configured jetty to use a security handler


depicted in code below:

SecurityHandler aSecurityHandler = new ConstraintSecurityHandler();
aSecurityHandler.setRealmName(null);
LoginService aLoginService = new FederationLoginService("WSFED");
aSecurityHandler.setLoginService(aLoginService);
FederationAuthenticator aAuthenticator = new FederationAuthenticator();
aAuthenticator.setConfigFile(aJettyHome + File.separator +  "contexts"
+ File.separator + "fediz_config.xml");
aSecurityHandler.setAuthenticator(aAuthenticator);
myWebApplicationContext.setSecurityHandler(aSecurityHandler);
myWebApplicationContext.addOverrideDescriptor(aJettyHome +
File.separator + "etc" + File.separator + "override-web.xml");


This I'd like to be able to bypass fediz authentication in some cases
and fall back to our application level authentication vs the webserver
authentication.

Is this at all possible?

Please advise



--
View this message in context: http://cxf.547215.n5.nabble.com/Dynamic-Enable-Disable-tp5756689.html
Sent from the cxf-dev mailing list archive at Nabble.com.