You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by semecxf <di...@gmail.com> on 2012/06/21 18:52:27 UTC
CORS and Http Basic Authentication
I have authentication class which implements
org.apache.cxf.jaxrs.ext.RequestHandler to do authentication.
My code works fine, except with cors.
In cors request (AuthorizationPolicy)message.get(AuthorizationPolicy.class)
returns null therefore I can't get user name and password.
Any body knows how cors and http basic authentication work?
--
View this message in context: http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CORS and Http Basic Authentication
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 22/06/12 13:02, semecxf wrote:
> Do you know where AuthorizationPolicy gets stuffed into
> org.apache.cxf.message.Message so that
> org.apache.cxf.jaxrs.ext.RequestHandler has access to AuthorizationPolicy
>
org.apache.cxf.transport.http.AbstractHTTPDestination
Cheers, Sergey
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112p5710144.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: CORS and Http Basic Authentication
Posted by Sergey Beryozkin <sb...@gmail.com>.
As it happens Benson already made sure ACCESS-CONTROL-ALLOW-CREDENTIALS
is set if needed so nothing more to add in this regard on the CXF end.
I guess the only issue is that a custom filter that enforces basic
authentication should actually sit after the CORS filter otherwise this
BasicAuth/Cookie/ClientCert filter has to add the above header (plus
ACCESS-CONTROL-ALLOW-ORIGIN at the bare minimum) itself
Sergey
On 22/06/12 13:02, semecxf wrote:
> Do you know where AuthorizationPolicy gets stuffed into
> org.apache.cxf.message.Message so that
> org.apache.cxf.jaxrs.ext.RequestHandler has access to AuthorizationPolicy
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112p5710144.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: CORS and Http Basic Authentication
Posted by semecxf <di...@gmail.com>.
Do you know where AuthorizationPolicy gets stuffed into
org.apache.cxf.message.Message so that
org.apache.cxf.jaxrs.ext.RequestHandler has access to AuthorizationPolicy
--
View this message in context: http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112p5710144.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CORS and Http Basic Authentication
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 21/06/12 17:52, semecxf wrote:
> I have authentication class which implements
> org.apache.cxf.jaxrs.ext.RequestHandler to do authentication.
> My code works fine, except with cors.
> In cors request (AuthorizationPolicy)message.get(AuthorizationPolicy.class)
> returns null therefore I can't get user name and password.
>
> Any body knows how cors and http basic authentication work?
>
this entry provides some useful info:
http://avalanche123.com/blog/2011/10/10/cross-domain-javascript-lessons-learned/
By the way, we may need to enhance the CXF CORS filter to return
'Access-Control-Allow-Credentials: true' if it's configured to enforce
BasicAuth and no AuthorizationPolicy is available.
Sergey
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CORS-and-Http-Basic-Authentication-tp5710112.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com