Hi
I think it is more a Karaf-level question, where different JAAS contexts
can be set up and such. Though I've heard one can have a two way TLS
(client cert for our purposes) and also Basic Auth credentials combined
in one request, example, when the same machine is shared between
multiple users, etc...
Checking both the client cert and Basic Auth can be done in a single CXF
filter but it can become rather manual; we have a JAAS interceptor which
is easy to use but it works with BasicAuth only, we really need to get a
CXF level JAAS interceptor for checking the client certs tooo
Sorry, off-topic for this list
Sergey
On 21/05/13 07:09, Martin Stiborský wrote:
One more, final question :)
Currently, I have configured Karaf server, to accept only requests
signed with certain client SSL certificate - this works for us as a
very basic layer for authenticating incoming requests to Camel/jaxrs.
So, I'w like to keep this solution, but also support HTTP Basic auth.
So, if a request is signed with SSL cert, try to authorize with
certificate, if the request is signed with HTTP Basic, use that
instead of certificate.
I guess I have to move it all into CXF filter, right? To get such
"authorization chain".
On Mon, May 20, 2013 at 7:44 PM, Martin Stiborský
<martin.stibor...@gmail.com> wrote:
wow, works, many thanks to you.
I promised already few, but I should really write some tutorial on
this topic…give me a slap if I don't do it next weekend…
On Mon, May 20, 2013 at 1:26 PM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:
Hi
On 20/05/13 12:19, Martin Stiborský wrote:
So far it seems for me that I have a big problem with architecture of
the application.
It was working well so far, the approach we used.
I mean, these "camel-cxf:rsServer" elements, with classes describing
REST interface following jax-rs.
The REST classes were looking a little bit weird, as they "returning
null"
(http://www.javacodegeeks.com/2012/05/rest-endpoint-for-integration-using.html)
but it was possible then to use the rest class directly in the start
of a camel routes with "from("cxfrs:bean:something")".
Is something like this possible with this way of registering jax-rs?
<jaxrs:server id="customerService" address="/">
<jaxrs:serviceBeans>
<ref component-id="myServiceBean" />
</jaxrs:serviceBeans>
<jaxrs:providers>
<bean id="authorizationFilter" class="com.foo.HttpAuth"/>
</jaxrs:providers>
</jaxrs:server>
Yes, simply do
<jaxrs:server id="customerService"
address="camel:/myCamelTransportAddress">
<jaxrs:serviceBeans>
<ref component-id="myServiceBean" />
</jaxrs:serviceBeans>
<jaxrs:providers>
<bean id="authorizationFilter" class="com.foo.HttpAuth"/>
</jaxrs:providers>
</jaxrs:server>
And use that in combination with Camel Servlet transport.
Also, have a look at the new Simple binding for cxfrs, available from Camel
2.11
Sergey
The provider definitelly works like that, that's good. But everything
else doesn't work :P
On Mon, May 20, 2013 at 12:01 PM, Martin Stiborský
<martin.stibor...@gmail.com> wrote:
Ok, so it seems that implementing
org.apache.cxf.jaxrs.ext.RequestHandler could help me.
How to register such a provider then?
We have REST interfaces created like this:
<camel-cxf:rsServer id="restFoo" address="/rest/foo"
serviceClass="com.rest.FooRest"/>
We have few of these. I'm not sure, it it's possible to register
jax-rs provider with this.
On Mon, May 20, 2013 at 10:02 AM, Ioan Eugen Stan <stan.ieu...@gmail.com>
wrote:
Hello Martin,
I think you could try addding a Filter or Interceptor that does Basic
Auth. If you're using CXF you could try something like [1]
Hope it helps,
[1] http://cxf.apache.org/docs/secure-jax-rs-services.html
On Mon, May 20, 2013 at 10:48 AM, Martin Stiborský
<martin.stibor...@gmail.com> wrote:
Hello guys,
a joke is saying that a number of tabs opened in web browser related
to some problem could help you to estimate the time needed for
implementation.
I have now about 33 tabs opened :) I need to secure my REST interface,
with HTTP Basic auth.
In the project, we are currently still with Camel 2.10.1 (not yet
resolved some troubles with upgrade to 2.11 :( ), we are using OSGi
and Aries blueprint. All deployed into Apache Karaf.
Just a simple hint which way to go is goood enough for me.
Right now, I'm checking JAAS, but I'm really lost in this topic.
--
S pozdravem / Best regards
Martin Stiborský
Jabber: st...@njs.netlab.cz
Twitter: http://www.twitter.com/stibi
--
Ioan Eugen Stan
0720 898 747
--
S pozdravem / Best regards
Martin Stiborský
Jabber: st...@njs.netlab.cz
Twitter: http://www.twitter.com/stibi
--
S pozdravem / Best regards
Martin Stiborský
Jabber: st...@njs.netlab.cz
Twitter: http://www.twitter.com/stibi
