Posted to users@cxf.apache.org by gasius <na...@combalt.com> on 2012/10/08 10:04:24 UTC

Basic authentication works only for the first deployed application

Hi,

I use CXF (2.4.6) over Jetty (7.4.5.v20110725) on ServiceMix 4.4.2. I need
to expose some web services secured with basic authentication, so I created
this bus configuration (only the engine-factory part is posted):

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="9081">
            <httpj:handlers>
                <beans:bean class="org.eclipse.jetty.security.ConstraintSecurityHandler">
                    <beans:property name="loginService" ref="securityLoginService" />
                    <beans:property name="constraintMappings">
                        <beans:list>
                            <beans:ref bean="securityConstraintMapping" />
                        </beans:list>
                    </beans:property>
                </beans:bean>
            </httpj:handlers>
        </httpj:engine>
    </httpj:engine-factory>

    <beans:bean id="securityLoginService" class="org.eclipse.jetty.security.HashLoginService">
        <beans:property name="name" value="WSRealm" />
        <beans:property name="config" value="etc/jetty-realm.properties" />
    </beans:bean>

    <beans:bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">
        <beans:property name="name" value="BASIC" />
        <beans:property name="roles" value="admin" />
        <beans:property name="authenticate" value="true" />
    </beans:bean>

    <beans:bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <beans:property name="constraint" ref="securityConstraint" />
        <beans:property name="pathSpec" value="/*" />
    </beans:bean>

I register it in the OSGi service registry under the name cxf-bus. Later, in my
Camel routes, I set the bus on the endpoints like this:

in the first bundle:
    cxf:bean:myFirstEndpoint?bus=#cxf-bus

in the second bundle:
    cxf:bean:mySecondEndpoint?bus=#cxf-bus

When I deploy the first bundle and try to access the endpoint, basic authentication
credentials are requested. But when I deploy the second bundle, I can access
mySecondEndpoint without any authentication. If I uninstall both bundles and
switch the order of deployment, then basic authentication works for the second
bundle but not for the first. What am I doing wrong? Is there some way to
refresh the security handler after I do subsequent deployments?



--
View this message in context: http://cxf.547215.n5.nabble.com/Basic-authentication-works-only-for-the-first-deployed-application-tp5715963.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Basic authentication works only for the first deployed application

Posted by Daniel Kulp <dk...@apache.org>.
Can you create a small test case and attach to a JIRA?

Dan


On Oct 9, 2012, at 2:57 AM, Juan José Pérez Consuegra <jj...@gmail.com> wrote:

> I have almost the same problem: I load the XML file with the security
> rules, but I receive the response from the REST service perfectly and a status
> 200 OK. Here is my config file:
> 
>    <httpj:engine-factory bus="cxf">
>        <httpj:engine port="0">
>            <httpj:threadingParameters minThreads="5"
>                                 maxThreads="15" />
>            <httpj:handlers>
>                <bean
> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>                    <property name="loginService"
> ref="securityLoginService" />
>                    <property name="constraintMappings">
>                        <list>
>                            <ref bean="securityConstraintMapping" />
>                        </list>
>                    </property>
>                </bean>
>            </httpj:handlers>
>        </httpj:engine>
>    </httpj:engine-factory>
> 
>    <bean id="securityLoginService"
> class="org.eclipse.jetty.security.HashLoginService">
>        <property name="name" value="WSRealm" />
>        <property name="config"
> value="src/es/uned/scc/related/cserver/ws/configuration/jetty-realm.properties"
> />
>    </bean>
> 
>    <bean id="securityConstraint"
> class="org.eclipse.jetty.http.security.Constraint">
>        <property name="name" value="BASIC" />
>        <property name="roles" value="admin" />
>        <property name="authenticate" value="true" />
>    </bean>
> 
>    <bean id="securityConstraintMapping"
> class="org.eclipse.jetty.security.ConstraintMapping">
>        <property name="constraint" ref="securityConstraint" />
>        <property name="pathSpec" value="/*" />
>    </bean>
> </beans>
> 
> and my code:
> 
>    static{
>        // set the configuration file
>        SpringBusFactory factory = new SpringBusFactory();
>        Bus bus =
> factory.createBus("src/es/uned/scc/related/cserver/ws/configuration/server-sec-bean.xml");
>        BusFactory.setDefaultBus(bus);
>    }
> 
> private String address;
> 
> private JAXRSServerFactoryBean sf;
> private Server server;
> 
> public RLABJettyREST(String url, Integer port){
> 
>    address = url + ":"+ port.toString() + "/";
> 
> }
> 
> public void start() throws Exception{
>    if (sf == null){
>        sf = new JAXRSServerFactoryBean();
>        sf.setResourceClasses(RLABSystemWSRest.class);
>        sf.setResourceProvider(RLABSystemWSRest.class,
>        new SingletonResourceProvider(new RLABSystemWSRest()));
>        sf.setAddress(address);
> 
>        server = sf.create();
> 
> I tried to test doing the configuration via code, but using
> JAXRSServerFactoryBean I am not able to see how to add handlers to the server.
> 
> thanks,
> 
> Juanjo.
> 
> 
> 2012/10/8 gasius <na...@combalt.com>
> 
>> That is not true, at least using the soapUI tool. I receive "Error 401
>> Unauthorized" after removing the username and password from the endpoint just after
>> a successful request using basic authentication. But for the second endpoint
>> it does not matter whether I add or remove credentials, or even add credentials
>> of a banned role - I always receive HTTP 200 OK.
>>
>> Also, I performed another test. I entered the URL of the first endpoint in a web
>> browser. When the basic authentication dialog appeared, I clicked the "Cancel"
>> button. Then in the same window I entered the URL of the 2nd endpoint and it opened
>> the WSDL page without any authentication request. After that I tried the 1st URL
>> again and received the BA dialog. So I'm sure that my second endpoint is not
>> protected even though pathSpec is defined with value="/*".

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Re: Basic authentication works only for the first deployed application

Posted by Daniel Kulp <dk...@apache.org>.
The eclipse repo that the older version of jibx required is likely down.  

I would suggest grabbing a newer version of CXF as we upgraded the jibx dependency to a newer version that has all its deps in the normal central repo.

Dan



On Oct 15, 2012, at 11:16 AM, gasius <na...@combalt.com> wrote:

> Hi,
> 
> It seems I found the bug which causes that behavior. Can someone advise me how to
> build CXF v2.4.6? I downloaded it from
> https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.6 but when I run
> 
>     mvn install -Dmaven.test.skip=true
> 
> I get a failure:
> 
>     [ERROR] Failed to execute goal on project cxf-rt-databinding-jibx: Could
>     not resolve dependencies for project
>     org.apache.cxf:cxf-rt-databinding-jibx:jar:2.4.6: The following artifacts
>     could not be resolved: org.eclipse.core:resources:jar:3.4.0,
>     org.eclipse:osgi:jar:3.8.0.v20120529-1548, org.eclipse.core:jobs:jar:3.3.1,
>     org.eclipse.equinox:registry:jar:3.3.1: Failure to find
>     org.eclipse.core:resources:jar:3.4.0

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Re: Basic authentication works only for the first deployed application

Posted by gasius <na...@combalt.com>.
Hi,

It seems I found the bug which causes that behavior. Can someone advise me how to
build CXF v2.4.6? I downloaded it from
https://svn.apache.org/repos/asf/cxf/tags/cxf-2.4.6 but when I run

    mvn install -Dmaven.test.skip=true

I get a failure:

    [ERROR] Failed to execute goal on project cxf-rt-databinding-jibx: Could
    not resolve dependencies for project
    org.apache.cxf:cxf-rt-databinding-jibx:jar:2.4.6: The following artifacts
    could not be resolved: org.eclipse.core:resources:jar:3.4.0,
    org.eclipse:osgi:jar:3.8.0.v20120529-1548, org.eclipse.core:jobs:jar:3.3.1,
    org.eclipse.equinox:registry:jar:3.3.1: Failure to find
    org.eclipse.core:resources:jar:3.4.0



--
View this message in context: http://cxf.547215.n5.nabble.com/Basic-authentication-works-only-for-the-first-deployed-application-tp5715963p5716665.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Basic authentication works only for the first deployed application

Posted by Juan José Pérez Consuegra <jj...@gmail.com>.
I have almost the same problem: I load the XML file with the security
rules, but I receive the response from the REST service perfectly and a status
200 OK. Here is my config file:

    <httpj:engine-factory bus="cxf">
        <httpj:engine port="0">
            <httpj:threadingParameters minThreads="5" maxThreads="15" />
            <httpj:handlers>
                <bean class="org.eclipse.jetty.security.ConstraintSecurityHandler">
                    <property name="loginService" ref="securityLoginService" />
                    <property name="constraintMappings">
                        <list>
                            <ref bean="securityConstraintMapping" />
                        </list>
                    </property>
                </bean>
            </httpj:handlers>
        </httpj:engine>
    </httpj:engine-factory>

    <bean id="securityLoginService" class="org.eclipse.jetty.security.HashLoginService">
        <property name="name" value="WSRealm" />
        <property name="config"
                  value="src/es/uned/scc/related/cserver/ws/configuration/jetty-realm.properties" />
    </bean>

    <bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admin" />
        <property name="authenticate" value="true" />
    </bean>

    <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="securityConstraint" />
        <property name="pathSpec" value="/*" />
    </bean>
</beans>

and my code:

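    import org.apache.cxf.Bus;
    import org.apache.cxf.BusFactory;
    import org.apache.cxf.bus.spring.SpringBusFactory;
    import org.apache.cxf.endpoint.Server;
    import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
    import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider;

    public class RLABJettyREST {

        static {
            // Load the Spring bus configuration file and make it the default bus
            SpringBusFactory factory = new SpringBusFactory();
            Bus bus = factory.createBus(
                "src/es/uned/scc/related/cserver/ws/configuration/server-sec-bean.xml");
            BusFactory.setDefaultBus(bus);
        }

        private String address;

        private JAXRSServerFactoryBean sf;
        private Server server;

        public RLABJettyREST(String url, Integer port) {
            // Base address the JAX-RS server is published on
            address = url + ":" + port.toString() + "/";
        }

        public void start() throws Exception {
            if (sf == null) {
                sf = new JAXRSServerFactoryBean();
                sf.setResourceClasses(RLABSystemWSRest.class);
                sf.setResourceProvider(RLABSystemWSRest.class,
                    new SingletonResourceProvider(new RLABSystemWSRest()));
                sf.setAddress(address);

                // Create and start the JAX-RS server
                server = sf.create();
            }
        }
    }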

I tried to test doing the configuration via code, but using
JAXRSServerFactoryBean I am not able to see how to add handlers to the server.

thanks,

Juanjo.


2012/10/8 gasius <na...@combalt.com>

> That is not true, at least using the soapUI tool. I receive "Error 401
> Unauthorized" after removing the username and password from the endpoint just after
> a successful request using basic authentication. But for the second endpoint
> it does not matter whether I add or remove credentials, or even add credentials
> of a banned role - I always receive HTTP 200 OK.
>
> Also, I performed another test. I entered the URL of the first endpoint in a web
> browser. When the basic authentication dialog appeared, I clicked the "Cancel"
> button. Then in the same window I entered the URL of the 2nd endpoint and it opened
> the WSDL page without any authentication request. After that I tried the 1st URL
> again and received the BA dialog. So I'm sure that my second endpoint is not
> protected even though pathSpec is defined with value="/*".

Re: Basic authentication works only for the first deployed application

Posted by gasius <na...@combalt.com>.
That is not true, at least using the soapUI tool. I receive "Error 401
Unauthorized" after removing the username and password from the endpoint just after
a successful request using basic authentication. But for the second endpoint
it does not matter whether I add or remove credentials, or even add credentials
of a banned role - I always receive HTTP 200 OK.

Also, I performed another test. I entered the URL of the first endpoint in a web
browser. When the basic authentication dialog appeared, I clicked the "Cancel"
button. Then in the same window I entered the URL of the 2nd endpoint and it opened
the WSDL page without any authentication request. After that I tried the 1st URL
again and received the BA dialog. So I'm sure that my second endpoint is not
protected even though pathSpec is defined with value="/*".



--
View this message in context: http://cxf.547215.n5.nabble.com/Basic-authentication-works-only-for-the-first-deployed-application-tp5715963p5716035.html
Sent from the cxf-user mailing list archive at Nabble.com.
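
The manual check gasius describes above (no credentials, then wrong credentials, against each endpoint), automated as an added example that is not part of the original thread. The local server is a constructed stand-in for the shared engine, not CXF or Jetty; the paths /first and /second and both credential pairs are constructed.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the symptom in this thread: /first sits behind the
# security handler, /second was deployed later and is served without it.
PROTECTED = {"/first"}
GOOD = "Basic " + base64.b64encode(b"admin:secret").decode()  # constructed
BAD = "Basic " + base64.b64encode(b"nobody:wrong").decode()   # constructed
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class SimulatedEngine(BaseHTTPRequestHandler):
    def do_GET(self):
        denied = self.path in PROTECTED and self.headers.get("Authorization") != GOOD
        self.send_response(401 if denied else 200)
        if denied:
            self.send_header("WWW-Authenticate", 'Basic realm="WSRealm"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def status(url, auth=None):
    """HTTP status of a GET, optionally with an Authorization header."""
    req = urllib.request.Request(url, headers={"Authorization": auth} if auth else {})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def unprotected(urls):
    """URLs that answer without credentials or accept wrong ones."""
    return [u for u in urls
            if status(u) != 401 or status(u, BAD) not in (401, 403)]

def demo():
    srv = HTTPServer(("127.0.0.1", 0), SimulatedEngine)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % srv.server_port
    try:
        return [u[len(base):] for u in unprotected([base + "/first", base + "/second"])]
    finally:
        srv.shutdown()
        srv.server_close()
```

Run after every bundle deployment with the real endpoint URLs passed to `unprotected()`; any URL it returns is being served without the security handler.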

Re: Basic authentication works only for the first deployed application

Posted by Glen Mazza <gl...@gmail.com>.
I may be wrong here, but I think basic auth is for the server itself, 
not the individual web service endpoints, so whenever you validate the 
first time (whether to your first or second endpoint), the subsequent 
call to the other web service endpoint should work fine.

Glen

On 10/08/2012 04:04 AM, gasius wrote:
> Hi,
>
> I use CXF (2.4.6) over Jetty (7.4.5.v20110725) on ServiceMix 4.4.2. I need
> to expose some web services secured with basic authentication, so I created
> this bus configuration (only the engine-factory part is posted):
>
>      <httpj:engine-factory bus="cxf">
>          <httpj:engine port="9081">
>              <httpj:handlers>
>                  <beans:bean
> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>                      <beans:property name="loginService"
> ref="securityLoginService" />
>                      <beans:property name="constraintMappings">
>                          <beans:list>
>                              <beans:ref bean="securityConstraintMapping" />
>                          </beans:list>
>                      </beans:property>
>                  </beans:bean>
>              </httpj:handlers>
>          </httpj:engine>
>      </httpj:engine-factory>
>      <beans:bean id="securityLoginService"
> class="org.eclipse.jetty.security.HashLoginService">
>          <beans:property name="name" value="WSRealm" />
>          <beans:property name="config" value="etc/jetty-realm.properties" />
>      </beans:bean>
>
>      <beans:bean id="securityConstraint"
> class="org.eclipse.jetty.http.security.Constraint">
>          <beans:property name="name" value="BASIC" />
>          <beans:property name="roles" value="admin" />
>          <beans:property name="authenticate" value="true" />
>      </beans:bean>
>   
>      <beans:bean id="securityConstraintMapping"
> class="org.eclipse.jetty.security.ConstraintMapping">
>          <beans:property name="constraint" ref="securityConstraint" />
>          <beans:property name="pathSpec" value="/*" />
>      </beans:bean>
>
> I register it in the OSGi service registry under the name cxf-bus. Later, in my
> Camel routes, I set the bus on the endpoints like this:
>
> in the first bundle:
>     cxf:bean:myFirstEndpoint?bus=#cxf-bus
>
> in the second bundle:
>     cxf:bean:mySecondEndpoint?bus=#cxf-bus
>
> When I deploy the first bundle and try to access the endpoint, basic authentication
> credentials are requested. But when I deploy the second bundle, I can access
> mySecondEndpoint without any authentication. If I uninstall both bundles and
> switch the order of deployment, then basic authentication works for the second
> bundle but not for the first. What am I doing wrong? Is there some way to
> refresh the security handler after I do subsequent deployments?