You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by blacar <bc...@gmail.com> on 2014/01/10 14:50:24 UTC

AuthorizationPolicy null in message using URL encoded credentials

Hello,

Trying to use JAASAuthenticationFilter i am seeing that
message.get(AuthorizationPolicy.class) in call to handleMessage on
JAASLoginInterceptor is returning null.

I am using http://username:password@hostname:port/service url format which i
understand is standard ... so i expect CXF would extract values from URL 

Am i missing something?

Thanks in advance,

RBC



--
View this message in context: http://cxf.547215.n5.nabble.com/AuthorizationPolicy-null-in-message-using-URL-encoded-credentials-tp5738445.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: AuthorizationPolicy null in message using URL encoded credentials

Posted by blacar <bc...@gmail.com>.

Thank you Andrei, of course you were right.

I've Base64 encoded my credentials and now i see ApplicationPolicy and
NamePasswordCallbackHandler initialized correctly.

...
URL myURL = new URL(serviceURL);
HttpURLConnection myURLConnection =
(HttpURLConnection)myURL.openConnection();
String basicAuth = "Basic " + new String(new
Base64().encode(userCredentials.getBytes()));
myURLConnection.setRequestProperty ("Authorization", basicAuth);
myURLConnection.setRequestMethod("GET");
...





--
View this message in context: http://cxf.547215.n5.nabble.com/AuthorizationPolicy-null-in-message-using-URL-encoded-credentials-tp5738445p5738489.html
Sent from the cxf-user mailing list archive at Nabble.com.

RE: AuthorizationPolicy null in message using URL encoded credentials

Posted by Andrei Shakirin <as...@talend.com>.

Hi, 

> -----Original Message-----
> From: blacar [mailto:bcrafa@gmail.com]
> Sent: Freitag, 10. Januar 2014 14:50
> To: users@cxf.apache.org
> Subject: AuthorizationPolicy null in message using URL encoded credentials
> 
> Hello,
> 
> Trying to use JAASAuthenticationFilter i am seeing that
> message.get(AuthorizationPolicy.class) in call to handleMessage on
> JAASLoginInterceptor is returning null.
> 
> I am using http://username:password@hostname:port/service url format
> which i understand is standard ... so i expect CXF would extract values from
> URL

Not really, client should send http request with Base64 encoded username/password in Authorization HTTP header:

GET /secure_url
Host: www.httpwatch.com
Authorization: Basic aHR0cHdhdGNoOmY=

See http://en.wikipedia.org/wiki/Basic_access_authentication for details.

> 
> Am i missing something?
> 
> Thanks in advance,
> 
> RBC

Regards,
Andrei.

> 
> 
> 
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/AuthorizationPolicy-null-in-message-using-
> URL-encoded-credentials-tp5738445.html
> Sent from the cxf-user mailing list archive at Nabble.com.