You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by SaravananRamamoorthy <sa...@gmail.com> on 2010/02/05 11:20:01 UTC

securing JAX RS

Dear All,

To retrieve the Basic Authentication credentials using JAX RS, what are the
steps to be followed.

1. Any configuration need in web.xml?
2. In Jax rs resource class , what parameter is used to retrieve the Basic
authentication credentials like HeaderParam, MessageContext etc..

I have tried out with the link

http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/

Please help me how to use this concept in resource class.

Can anyone send the sample code to retrieve the credentials.

Thanks for your help.

Regards
SaravananRamamoorthy
-- 
View this message in context: http://old.nabble.com/securing-JAX-RS-tp27465890p27465890.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: securing JAX RS

Posted by SaravananRamamoorthy <sa...@gmail.com>.

Dear All,

In my scenario, I dont want to authenticate the user in JAX RS or CXF
interceptor.I just want to go through the credentials to my external
webservice.
So it is enough to retrieve the credentials from Http Authentication and
added to the soap header of the webservice.

Now I can able to retrieve the credentials.

For the long time , I cannot be able to retrieve the credentials because of:

In SoapUI, it is essestial to explicitly allow the authentication to
outgoing request.I was not enable the options.

Thanks for your support and help.

Regards
SaravananRamamoorthy





Andreas Veithen-2 wrote:
> 
> Everything depends on where you want authentication to happen: in the
> container, in CXF (i.e. in an interceptor) or in the resource.
> 
> Andreas
> 
> On Fri, Feb 5, 2010 at 11:20, SaravananRamamoorthy
> <sa...@gmail.com> wrote:
>>
>> Dear All,
>>
>> To retrieve the Basic Authentication credentials using JAX RS, what are
>> the
>> steps to be followed.
>>
>> 1. Any configuration need in web.xml?
>> 2. In Jax rs resource class , what parameter is used to retrieve the
>> Basic
>> authentication credentials like HeaderParam, MessageContext etc..
>>
>> I have tried out with the link
>>
>> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
>>
>> Please help me how to use this concept in resource class.
>>
>> Can anyone send the sample code to retrieve the credentials.
>>
>> Thanks for your help.
>>
>> Regards
>> SaravananRamamoorthy
>> --
>> View this message in context:
>> http://old.nabble.com/securing-JAX-RS-tp27465890p27465890.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
> 
> 

-- 
View this message in context: http://old.nabble.com/securing-JAX-RS-tp27465890p27495302.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: securing JAX RS

Posted by Andreas Veithen <an...@gmail.com>.

Everything depends on where you want authentication to happen: in the
container, in CXF (i.e. in an interceptor) or in the resource.

Andreas

On Fri, Feb 5, 2010 at 11:20, SaravananRamamoorthy
<sa...@gmail.com> wrote:
>
> Dear All,
>
> To retrieve the Basic Authentication credentials using JAX RS, what are the
> steps to be followed.
>
> 1. Any configuration need in web.xml?
> 2. In Jax rs resource class , what parameter is used to retrieve the Basic
> authentication credentials like HeaderParam, MessageContext etc..
>
> I have tried out with the link
>
> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
>
> Please help me how to use this concept in resource class.
>
> Can anyone send the sample code to retrieve the credentials.
>
> Thanks for your help.
>
> Regards
> SaravananRamamoorthy
> --
> View this message in context: http://old.nabble.com/securing-JAX-RS-tp27465890p27465890.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>

RE: securing JAX RS

Posted by "KARR, DAVID (ATTSI)" <dk...@att.com>.

> -----Original Message-----
> From: SaravananRamamoorthy [mailto:saravanan.ramamoorthy.s@gmail.com]
> Sent: Friday, February 05, 2010 2:20 AM
> To: users@cxf.apache.org
> Subject: securing JAX RS
> 
> 
> Dear All,
> 
> To retrieve the Basic Authentication credentials using JAX RS, what
are
> the
> steps to be followed.
> 
> 1. Any configuration need in web.xml?

I believe if you haven't configured security in web.xml, the
Authorization header will not get to the app.  You'll need something
like the following, and I'm not going to guess what detailed settings
you need, you'll have to research this somewhat:

<security-constraint>
   <web-resource-collection>
       <web-resource-name>MyAppName</web-resource-name>
       <url-pattern>/myurlpattern/*</url-pattern>
       <url-pattern>/anotherurlpattern</url-pattern>
       <http-method>GET</http-method>
   </web-resource-collection>
   <auth-constraint>
       <role-name>SomeRole</role-name>
   </auth-constraint>
   <user-data-constraint>
       <!--<transport-guarantee>NONE</transport-guarantee>-->
       <transport-guarantee>INTEGRAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>myrealm</realm-name>
</login-config>
<security-role>
   <role-name>SomeRole</role-name>
</security-role>
<security-role>
   <role-name>SomeOtherRole</role-name>
</security-role>
<security-role>
   <role-name>StillAnotherRole</role-name>
</security-role>
<security-role>
   <role-name>AnotherRole</role-name>
</security-role>