You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by David Karlsen <da...@gmail.com> on 2019/01/06 12:43:26 UTC
JAX-RS authorisation header callback filter support
Hi - I'm developing a JAX-RS client app, which should call some services
that are secured by OIDC headers (e.g. a HTTP Authorization header).
I have another service to provide me the token based on username/pw login.
Are there any pre-made filters or the likes in CXF to support this flow - I
would guess it is a quite common pattern...
Something like:
call service, filter detects missing header and that the service requires a
token, then delegates to a service to invoke token-issuing service and
user-resolver (to give paramters), then puts the token in the header for
the original service-call.
--
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
Re: JAX-RS authorisation header callback filter support
Posted by David Karlsen <da...@gmail.com>.
No worries - I whipped up some code - I just though the pattern is so
common that some stuff with callbacks could already be in place (and in
that case I didn't want to duplicate it).
Thanks for the offer though!
Den søn. 6. jan. 2019 kl. 14:26 skrev James Carman <
james@carmanconsulting.com>:
> I don’t know of any pre-existing filters, but I have written this exact
> filter. If you need an example, let me know. I might have to generify it a
> bit before I can share.
> On Sun, Jan 6, 2019 at 7:43 AM David Karlsen <da...@gmail.com>
> wrote:
>
>> Hi - I'm developing a JAX-RS client app, which should call some services
>> that are secured by OIDC headers (e.g. a HTTP Authorization header).
>> I have another service to provide me the token based on username/pw login.
>> Are there any pre-made filters or the likes in CXF to support this flow -
>> I
>> would guess it is a quite common pattern...
>>
>> Something like:
>> call service, filter detects missing header and that the service requires
>> a
>> token, then delegates to a service to invoke token-issuing service and
>> user-resolver (to give paramters), then puts the token in the header for
>> the original service-call.
>>
>> --
>> --
>> David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
>>
>
--
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
Re: JAX-RS authorisation header callback filter support
Posted by James Carman <ja...@carmanconsulting.com>.
I don’t know of any pre-existing filters, but I have written this exact
filter. If you need an example, let me know. I might have to generify it a
bit before I can share.
On Sun, Jan 6, 2019 at 7:43 AM David Karlsen <da...@gmail.com> wrote:
> Hi - I'm developing a JAX-RS client app, which should call some services
> that are secured by OIDC headers (e.g. a HTTP Authorization header).
> I have another service to provide me the token based on username/pw login.
> Are there any pre-made filters or the likes in CXF to support this flow - I
> would guess it is a quite common pattern...
>
> Something like:
> call service, filter detects missing header and that the service requires a
> token, then delegates to a service to invoke token-issuing service and
> user-resolver (to give paramters), then puts the token in the header for
> the original service-call.
>
> --
> --
> David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
>