You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Sergey Beryozkin <sb...@gmail.com> on 2013/06/04 11:18:17 UTC
Re: Problem in About Apache CFX Spring Security Samples
Hi Ertuğrul
Thanks for your question, I'm redirecting to the users list,
On 30/05/13 13:40, Ertuğrul Saruhan wrote:
> Hello
>
> I have problem. I would like to implement OAuth with Apache CFX. There is a
> sample named "*oauth*" (server and client) directory in "*Apache CFX 2.75*
> ".
> I make it run on Jetty , but ı would like to move both *client *and *server
> samples *to Glassfish and Netbeans. Everything is fine and working , But
> only final step "*/auth/resources/person/get/john*" and "*
> /auth/resources/person/modify/john*" *gives 500 code and error is*
> *"**An Authentication object was not found in the SecurityContext**" .*
> *
> *
> when i debug the sample code both in glassfish and jetty ,* *
> *in "demo.oauth.server.spring.SpringOAuthAuthenticationFilter" *class *, *
> *line 51==> "List<String> authorities =
> (List<String>)request.getAttribute(OAUTH_AUTHORITIES);" *
> *returns empty list in Glassfish.*
> *But in Jetty , *return roles* ROLE_USER*, *ROLE_ADMIN. *
> It does not set attribute* "**OAUTH_AUTHORITIES".*
> * I could not solve the problem , what it should be in Glassfish ? I have
> problem in 3 days , still does not solve.*
> *Can you give me advice please ? *
Unfortunately I've no idea why that does not work in Glassfish, you may
want to ask a specific question on Glassfish forums: omit the fact that
it is a CXF demo, as it is not important, but ask them why a Spring
Security filter can not have the roles made available as servlet request
attributes...
As an alternative, consider not even using Spring Security to enforce
RBAC if it is all you need, simply use CXF SimpleAuthorizingInterceptor,
it is a lot simpler to use
Sergey
> *
> *
>