You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Sonam Samdupkhangsar <So...@imail.org> on 2014/10/21 21:18:33 UTC
Jaxrs local-transport testing with Spring Security Basic
Authentication
I have a webapp that has Basic-Authentication support thru Spring-Security configuration. I want to test my JAXRS (using CXF) based services using local-transport with Basic-Auth enabled. The following is my java-config where I have expression based Spring-Security config which does enable Basic-Auth when deployed on Tomcat. However, it does not work on local-transport. Is there a tutorial on how to achieve Basic-Auth on local-transport using Spring-Security?
@Override
protected void configure(HttpSecurity http) throws Exception {
logger.debug("security configuration");
http.authorizeRequests()
.antMatchers("/user/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").successHandler(authenticationSuccessHandler)
.usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout").and().csrf()
.and().authorizeRequests().antMatchers("/soa/**").
access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')").and().httpBasic().and().csrf().disable();
}
Thanks
-Sonam
Re: Jaxrs local-transport testing with Spring Security Basic Authentication
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
I guess if you had Spring Security initializing the context not at the
servlet level but at the CXF interceptor level (please check the
archives, I believe several people have written the code doing it at the
CXF level), then you'd be able to emulate the end to end scenario easily
enough by setting the expected headers on the client side
Cheers, Sergey
On 21/10/14 20:18, Sonam Samdupkhangsar wrote:
> I have a webapp that has Basic-Authentication support thru Spring-Security configuration. I want to test my JAXRS (using CXF) based services using local-transport with Basic-Auth enabled. The following is my java-config where I have expression based Spring-Security config which does enable Basic-Auth when deployed on Tomcat. However, it does not work on local-transport. Is there a tutorial on how to achieve Basic-Auth on local-transport using Spring-Security?
>
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
> logger.debug("security configuration");
> http.authorizeRequests()
> .antMatchers("/user/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
> .and()
> .formLogin().loginPage("/login").failureUrl("/login?error").successHandler(authenticationSuccessHandler)
> .usernameParameter("username").passwordParameter("password")
> .and()
> .logout().logoutSuccessUrl("/login?logout").and().csrf()
> .and().authorizeRequests().antMatchers("/soa/**").
> access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')").and().httpBasic().and().csrf().disable();
> }
>
>
>
> Thanks
>
> -Sonam
>