You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Sonam Samdupkhangsar <So...@imail.org> on 2014/10/21 21:18:33 UTC

Jaxrs local-transport testing with Spring Security Basic Authentication

I have a webapp that has Basic-Authentication support thru Spring-Security configuration.  I want to test my JAXRS (using CXF) based services using local-transport with Basic-Auth enabled.  The following is my java-config where I have expression based Spring-Security config which does enable Basic-Auth when deployed on Tomcat.  However, it does not work on local-transport.  Is there a tutorial on how to achieve Basic-Auth on local-transport using Spring-Security?


@Override
protected void configure(HttpSecurity http) throws Exception {
logger.debug("security configuration");
    http.authorizeRequests()
.antMatchers("/user/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.and()
    .formLogin().loginPage("/login").failureUrl("/login?error").successHandler(authenticationSuccessHandler)
    .usernameParameter("username").passwordParameter("password")
    .and()
    .logout().logoutSuccessUrl("/login?logout").and().csrf()
.and().authorizeRequests().antMatchers("/soa/**").
access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')").and().httpBasic().and().csrf().disable();
}



Thanks

-Sonam

Re: Jaxrs local-transport testing with Spring Security Basic Authentication

Posted by Sergey Beryozkin <sb...@gmail.com>.

Hi

I guess if you had Spring Security initializing the context not at the 
servlet level but at the CXF interceptor level (please check the 
archives, I believe several people have written the code doing it at the 
CXF level), then you'd be able to emulate the end to end scenario easily 
enough by setting the expected headers on the client side

Cheers, Sergey
On 21/10/14 20:18, Sonam Samdupkhangsar wrote:
> I have a webapp that has Basic-Authentication support thru Spring-Security configuration.  I want to test my JAXRS (using CXF) based services using local-transport with Basic-Auth enabled.  The following is my java-config where I have expression based Spring-Security config which does enable Basic-Auth when deployed on Tomcat.  However, it does not work on local-transport.  Is there a tutorial on how to achieve Basic-Auth on local-transport using Spring-Security?
>
>
> @Override
> protected void configure(HttpSecurity http) throws Exception {
> logger.debug("security configuration");
>      http.authorizeRequests()
> .antMatchers("/user/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
> .and()
>      .formLogin().loginPage("/login").failureUrl("/login?error").successHandler(authenticationSuccessHandler)
>      .usernameParameter("username").passwordParameter("password")
>      .and()
>      .logout().logoutSuccessUrl("/login?logout").and().csrf()
> .and().authorizeRequests().antMatchers("/soa/**").
> access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')").and().httpBasic().and().csrf().disable();
> }
>
>
>
> Thanks
>
> -Sonam
>