Posted to users@cxf.apache.org by Basic Danijel <da...@gmail.com> on 2015/03/08 22:37:52 UTC
One login for web app and underlying REST webservice
Hi all,
I'm currently developing a web app running on Karaf. The app has the frontend
written in AngularJS and the backend is a REST web service (CXF JAX-RS).
The requirement is that all pages have to be secured. I decided to go with
FORM based authentication (configured in web.xml).
For CXF REST webservice I
use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured in
blueprint.xml).
Both parts are configured to use the same realm.
The problem is the following: when I try to access a protected page, I need
to log in twice (server and cxf authentication).
How can I get rid of this problem, i.e. to have only server authentication
(and automatically be authenticated on REST part)?
Btw, if I use BASIC authentication, then one login appears and everything
is working as expected.
Regards,
Danijel
Re: One login for web app and underlying REST webservice
Posted by Basic Danijel <da...@gmail.com>.
Hi Sergey,
Will take a look.
Thanks,
Danijel
On Mon, Mar 9, 2015 at 2:05 PM, Sergey Beryozkin <sb...@gmail.com>
wrote:
> Hi
> On 09/03/15 12:11, Basic Danijel wrote:
>
>> Hi Sergey,
>>
>> Thanks for your response.
>>
>> I'm looking forward to seeing the new filter in action. In the meantime,
>> I'll try your alternatives.
>>
> SAML SSO docs are here:
> http://cxf.apache.org/docs/saml-web-sso.html
>
> Do "CXF OAuth2" in Google and follow a link to my current employer's GIT
> repo and check a jaxrs_oauth2/sso demo. SAML SSO is demoed against
> Shibboleth. Colm is doing SAML SSO in Fediz too.
>
> OIDC SSO is a work in progress, the RP code is becoming close to the final
> version but a bit more work is needed, the only source so far is this Big
> Query demo (actual Big Query is not demoed yet, only authentication against
> Google+):
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java;h=79d73b864f103e8b0863cfb737d39f268c3b85de;hb=HEAD#l99
>
>> Is there a defect (or a feature request) opened for this, so it could be
>> possible to track the progress?
>>
>
> https://issues.apache.org/jira/browse/CXF-4780
>
> Cheers, Sergey
>
>
>
>> Regards,
>> Danijel
>>
>> On Mon, Mar 9, 2015 at 11:26 AM, Sergey Beryozkin <sb...@gmail.com>
>> wrote:
>>
>>> Hi
>>>
>>> This filter has not been made capable of supporting a FORM-based login -
>>> a
>>> long pending issue exists. This is a second question in the last couple
>>> of
>>> months about using the filter with FORM-based logins, I'll actually give
>>> a
>>> try and see if I can make it work for CXF 3.0.5.
>>>
>>> Here are the alternatives:
>>> - Use a servlet level FORM based support
>>> - Consider SAML Web SSO - we support it
>>>
>>> OpenID Connect SSO work is in progress - we have a utility code in place -
>>> I can point to it if it might make sense in your case.
>>>
>>> But as I said, I'll see if I can support a filter supporting a form
>>> login,
>>> that would definitely simplify the simple SSO management in some cases...
>>> Thanks, Sergey
>>>
>>>
>>> On 08/03/15 21:37, Basic Danijel wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm currently developing web app running on karaf. The app has the
>>>> frontend
>>>> written in Angular JS and the backend is REST webservice (CXF JAX-RS).
>>>>
>>>> The requirement is that all pages have to be secured. I decided to go
>>>> with
>>>> FORM based authentication (configured in web.xml).
>>>> For CXF REST webservice I
>>>> use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured
>>>> in
>>>> blueprint.xml).
>>>>
>>>> Both parts are configured to use the same realm.
>>>>
>>>> The problem is the following: when I try to access a protected page, I
>>>> need
>>>> to log in twice (server and cxf authentication).
>>>>
>>>> How can I get rid of this problem, ie. to have only server
>>>> authentication
>>>> (and automatically be authenticated on REST part)?
>>>>
>>>> Btw, if I use BASIC authentication, then one login appears and
>>>> everything
>>>> is working as expected.
>>>>
>>>> Regards,
>>>> Danijel
>>>>
>>>>
>>>>
>>>
>>
>
Re: One login for web app and underlying REST webservice
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 09/03/15 12:11, Basic Danijel wrote:
> Hi Sergey,
>
> Thanks for your response.
>
> I'm looking forward to seeing the new filter in action. In the meantime,
> I'll try your alternatives.
SAML SSO docs are here:
http://cxf.apache.org/docs/saml-web-sso.html
Do "CXF OAuth2" in Google and follow a link to my current employer's GIT
repo and check a jaxrs_oauth2/sso demo. SAML SSO is demoed against
Shibboleth. Colm is doing SAML SSO in Fediz too.
OIDC SSO is a work in progress, the RP code is becoming close to the
final version but a bit more work is needed, the only source so far is
this Big Query demo (actual Big Query is not demoed yet, only
authentication against Google+):
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java;h=79d73b864f103e8b0863cfb737d39f268c3b85de;hb=HEAD#l99
> Is there a defect (or a feature request) opened for this, so it could be
> possible to track the progress?
>
https://issues.apache.org/jira/browse/CXF-4780
Cheers, Sergey
> Regards,
> Danijel
>
> On Mon, Mar 9, 2015 at 11:26 AM, Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> Hi
>>
>> This filter has not been made capable of supporting a FORM-based login - a
>> long pending issue exists. This is a second question in the last couple of
>> months about using the filter with FORM-based logins, I'll actually give a
>> try and see if I can make it work for CXF 3.0.5.
>>
>> Here are the alternatives:
>> - Use a servlet level FORM based support
>> - Consider SAML Web SSO - we support it
>>
>> OpenID Connect SSO work is in progress - we have a utility code in place -
>> I can point to it if it might make sense in your case.
>>
>> But as I said, I'll see if I can support a filter supporting a form login,
>> that would definitely simplify the simple SSO management in some cases...
>> Thanks, Sergey
>>
>>
>> On 08/03/15 21:37, Basic Danijel wrote:
>>
>>> Hi all,
>>>
>>> I'm currently developing web app running on karaf. The app has the
>>> frontend
>>> written in Angular JS and the backend is REST webservice (CXF JAX-RS).
>>>
>>> The requirement is that all pages have to be secured. I decided to go with
>>> FORM based authentication (configured in web.xml).
>>> For CXF REST webservice I
>>> use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured in
>>> blueprint.xml).
>>>
>>> Both parts are configured to use the same realm.
>>>
>>> The problem is the following: when I try to access a protected page, I
>>> need
>>> to log in twice (server and cxf authentication).
>>>
>>> How can I get rid of this problem, ie. to have only server authentication
>>> (and automatically be authenticated on REST part)?
>>>
>>> Btw, if I use BASIC authentication, then one login appears and everything
>>> is working as expected.
>>>
>>> Regards,
>>> Danijel
>>>
>>>
>>
>
Re: One login for web app and underlying REST webservice
Posted by Basic Danijel <da...@gmail.com>.
Hi Sergey,
Thanks for your response.
I'm looking forward to seeing the new filter in action. In the meantime,
I'll try your alternatives.
Is there a defect (or a feature request) opened for this, so it could be
possible to track the progress?
Regards,
Danijel
On Mon, Mar 9, 2015 at 11:26 AM, Sergey Beryozkin <sb...@gmail.com>
wrote:
> Hi
>
> This filter has not been made capable of supporting a FORM-based login - a
> long pending issue exists. This is a second question in the last couple of
> months about using the filter with FORM-based logins, I'll actually give a
> try and see if I can make it work for CXF 3.0.5.
>
> Here are the alternatives:
> - Use a servlet level FORM based support
> - Consider SAML Web SSO - we support it
>
> OpenID Connect SSO work is in progress - we have a utility code in place -
> I can point to it if it might make sense in your case.
>
> But as I said, I'll see if I can support a filter supporting a form login,
> that would definitely simplify the simple SSO management in some cases...
> Thanks, Sergey
>
>
> On 08/03/15 21:37, Basic Danijel wrote:
>
>> Hi all,
>>
>> I'm currently developing web app running on karaf. The app has the
>> frontend
>> written in Angular JS and the backend is REST webservice (CXF JAX-RS).
>>
>> The requirement is that all pages have to be secured. I decided to go with
>> FORM based authentication (configured in web.xml).
>> For CXF REST webservice I
>> use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured in
>> blueprint.xml).
>>
>> Both parts are configured to use the same realm.
>>
>> The problem is the following: when I try to access a protected page, I
>> need
>> to log in twice (server and cxf authentication).
>>
>> How can I get rid of this problem, ie. to have only server authentication
>> (and automatically be authenticated on REST part)?
>>
>> Btw, if I use BASIC authentication, then one login appears and everything
>> is working as expected.
>>
>> Regards,
>> Danijel
>>
>>
>
Re: One login for web app and underlying REST webservice
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
This filter has not been made capable of supporting a FORM-based login -
a long pending issue exists. This is a second question in the last
couple of months about using the filter with FORM-based logins, I'll
actually give a try and see if I can make it work for CXF 3.0.5.
Here are the alternatives:
- Use a servlet level FORM based support
- Consider SAML Web SSO - we support it
OpenID Connect SSO work is in progress - we have a utility code in place -
I can point to it if it might make sense in your case.
But as I said, I'll see if I can support a filter supporting a form
login, that would definitely simplify the simple SSO management in some
cases...
Thanks, Sergey
On 08/03/15 21:37, Basic Danijel wrote:
> Hi all,
>
> I'm currently developing web app running on karaf. The app has the frontend
> written in Angular JS and the backend is REST webservice (CXF JAX-RS).
>
> The requirement is that all pages have to be secured. I decided to go with
> FORM based authentication (configured in web.xml).
> For CXF REST webservice I
> use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured in
> blueprint.xml).
>
> Both parts are configured to use the same realm.
>
> The problem is the following: when I try to access a protected page, I need
> to log in twice (server and cxf authentication).
>
> How can I get rid of this problem, ie. to have only server authentication
> (and automatically be authenticated on REST part)?
>
> Btw, if I use BASIC authentication, then one login appears and everything
> is working as expected.
>
> Regards,
> Danijel
>