You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Ivan Vitoria Sanchez <iv...@grupoica.com> on 2010/12/28 13:42:26 UTC
Authorization header in REST Server
Hi guys,
I can't get the Authorization header param in a JAX-RS server. Is
@HeaderParam the way?
I've configured CXF 2.3.1 with Spring 3. My applicationContext.xml has the
following jax-rs server bean:
<jaxrs:server id="userServer"
modelRef="classpath:/WEB-INF/model/UserModel.xml" address="/users">
... (logging feature, service bean...)
</jaxrs:server>
UserModel.xml config:
<model xmlns="http://cxf.apache.org/jaxrs">
<resource name=" UserRestService" path="/"
consumesType="application/xml" producesType="application/xml">
<operation name="getUserByLogin" verb="GET" path="/login">
<param name="authorization" type="HEADER" />
</operation>
</resource>
</model>
Finally, the service implementation:
public class UserRestService implements IRestService
{
public ElementWrapper<MobilityUser>
getUserByLogin(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorization)
{
// authorization is empty at this point...
}
}
I'm sure the Authorization header is sent because i'm also using Spring
Security, which allows the request via Basic Authentication. It doesn't work
if i disable Spring Security.
Thanks in advance,
Ivan
RE: Authorization header in REST Server
Posted by Ivan Vitoria Sanchez <iv...@grupoica.com>.
Hi,
Authorization is still empty in this scenario:
<operation name="getUserByLogin" verb="GET" path="/login">
<param name="securityContext" type="CONTEXT" />
<param name="authorization" type="HEADER" />
</operation>
public ElementWrapper<MobilityUser> getUserByLogin(@Context
SecurityContext securityContext, String authorization)
{
// securityContext.getUserPrincipal().getName() works!;
..
}
As you can see I've found another way to get the user (SecurityContext), but
maybe is not the best approach...
Regards,
Ivan
-----Mensaje original-----
De: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
Enviado el: martes, 28 de diciembre de 2010 19:39
Para: users@cxf.apache.org
Asunto: Re: Authorization header in REST Server
Hi
I've added a test verifying it works
http://svn.apache.org/viewvc?view=revision&revision=1053402 (see the
Modified links)
Here's the relevant parts :
@Test
public void testGetBook123UserModelAuthorize() throws Exception {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress("http://localhost:" + PORT +
"/usermodel/bookstore/books");
bean.setUsername("Barry");
bean.setPassword("password");
bean.setModelRef("classpath:org/apache/cxf/systest/jaxrs/resources/resources
.xml");
WebClient proxy = bean.createWebClient();
proxy.path("{id}/authorize", 123);
Book book = proxy.get(Book.class);
assertEquals(123L, book.getId());
}
Model :
<operation name="getBookWithAuthorization" verb="GET"
path="/books/{id}/authorize">
<param name="id" type="PATH"/>
<param name="authorization" type="HEADER"/>
</operation>
Note that you really do not need to use JAX-RS annotations such as
HeaderParam if you chose to go with the user model approach.
Can you please confirm this header is actually available on the wire ?
Additionally - please have
@Context HttpHeaders headers;
in a field and confirm the header is available by querying it inside the
method body.
hope it helps, Sergey
On Tue, Dec 28, 2010 at 12:42 PM, Ivan Vitoria Sanchez <
ivitoria@grupoica.com> wrote:
> Hi guys,
>
>
>
> I can't get the Authorization header param in a JAX-RS server. Is
> @HeaderParam the way?
>
>
>
> I've configured CXF 2.3.1 with Spring 3. My applicationContext.xml has the
> following jax-rs server bean:
>
>
>
> <jaxrs:server id="userServer"
> modelRef="classpath:/WEB-INF/model/UserModel.xml" address="/users">
>
> ... (logging feature, service bean...)
>
> </jaxrs:server>
>
>
>
> UserModel.xml config:
>
>
>
> <model xmlns="http://cxf.apache.org/jaxrs">
>
> <resource name=" UserRestService" path="/"
> consumesType="application/xml" producesType="application/xml">
>
> <operation name="getUserByLogin" verb="GET" path="/login">
>
> <param name="authorization" type="HEADER" />
>
> </operation>
>
> </resource>
>
> </model>
>
>
>
> Finally, the service implementation:
>
>
>
> public class UserRestService implements IRestService
>
> {
>
> public ElementWrapper<MobilityUser>
> getUserByLogin(@HeaderParam(HttpHeaders.AUTHORIZATION) String
> authorization)
>
> {
>
> // authorization is empty at this point...
>
> }
>
> }
>
>
>
>
>
> I'm sure the Authorization header is sent because i'm also using Spring
> Security, which allows the request via Basic Authentication. It doesn't
> work
> if i disable Spring Security.
>
>
>
> Thanks in advance,
>
>
>
> Ivan
>
>
>
>
Re: Authorization header in REST Server
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
I've added a test verifying it works
http://svn.apache.org/viewvc?view=revision&revision=1053402 (see the
Modified links)
Here's the relevant parts :
@Test
public void testGetBook123UserModelAuthorize() throws Exception {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress("http://localhost:" + PORT +
"/usermodel/bookstore/books");
bean.setUsername("Barry");
bean.setPassword("password");
bean.setModelRef("classpath:org/apache/cxf/systest/jaxrs/resources/resources.xml");
WebClient proxy = bean.createWebClient();
proxy.path("{id}/authorize", 123);
Book book = proxy.get(Book.class);
assertEquals(123L, book.getId());
}
Model :
<operation name="getBookWithAuthorization" verb="GET"
path="/books/{id}/authorize">
<param name="id" type="PATH"/>
<param name="authorization" type="HEADER"/>
</operation>
Note that you really do not need to use JAX-RS annotations such as
HeaderParam if you chose to go with the user model approach.
Can you please confirm this header is actually available on the wire ?
Additionally - please have
@Context HttpHeaders headers;
in a field and confirm the header is available by querying it inside the
method body.
hope it helps, Sergey
On Tue, Dec 28, 2010 at 12:42 PM, Ivan Vitoria Sanchez <
ivitoria@grupoica.com> wrote:
> Hi guys,
>
>
>
> I can't get the Authorization header param in a JAX-RS server. Is
> @HeaderParam the way?
>
>
>
> I've configured CXF 2.3.1 with Spring 3. My applicationContext.xml has the
> following jax-rs server bean:
>
>
>
> <jaxrs:server id="userServer"
> modelRef="classpath:/WEB-INF/model/UserModel.xml" address="/users">
>
> ... (logging feature, service bean...)
>
> </jaxrs:server>
>
>
>
> UserModel.xml config:
>
>
>
> <model xmlns="http://cxf.apache.org/jaxrs">
>
> <resource name=" UserRestService" path="/"
> consumesType="application/xml" producesType="application/xml">
>
> <operation name="getUserByLogin" verb="GET" path="/login">
>
> <param name="authorization" type="HEADER" />
>
> </operation>
>
> </resource>
>
> </model>
>
>
>
> Finally, the service implementation:
>
>
>
> public class UserRestService implements IRestService
>
> {
>
> public ElementWrapper<MobilityUser>
> getUserByLogin(@HeaderParam(HttpHeaders.AUTHORIZATION) String
> authorization)
>
> {
>
> // authorization is empty at this point...
>
> }
>
> }
>
>
>
>
>
> I'm sure the Authorization header is sent because i'm also using Spring
> Security, which allows the request via Basic Authentication. It doesn't
> work
> if i disable Spring Security.
>
>
>
> Thanks in advance,
>
>
>
> Ivan
>
>
>
>