We use the following engine factory configuration to configure our Jetty
server (placed in our bundle-context.xml Spring DM configuration):

<httpj:engine-factory bus="cxf">
    <httpj:engine port="${fromCxfEndpointUri.port}">
        <httpj:tlsServerParameters>
            <sec:keyManagers keyPassword="${keyStoreKeyPassword}">
                <sec:keyStore type="JKS" password="${keyStorePassword}" file="${keyStoreFile}" />
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="${keyStorePassword}" file="${keyStoreFile}"/>
            </sec:trustManagers>
            <sec:cipherSuitesFilter>
                <sec:include>.*.*</sec:include>
                <sec:exclude>.*40_.*</sec:exclude>
                <sec:exclude>.*_RSA_WITH_DES_CBC_SHA.*</sec:exclude>
                <sec:exclude>.*_RSA_WITH_3DES_EDE_CBC_SHA.*</sec:exclude>
            </sec:cipherSuitesFilter>
            <sec:clientAuthentication want="false" required="false" />
        </httpj:tlsServerParameters>
        <httpj:threadingParameters minThreads="5" maxThreads="20" />
        <httpj:handlers>
            <!-- BASIC AUTHENTICATION configuration -->
            <ref bean="securityHandler"/>
        </httpj:handlers>
    </httpj:engine>
</httpj:engine-factory>


In our bundle-context-osgi Spring DM configuration which is used in Karaf,
we defined the "securityHandler" as follows:
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="authenticator">
        <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
    </property>
    <property name="constraintMappings">
        <list>
            <bean class="org.eclipse.jetty.security.ConstraintMapping">
                <property name="constraint">
                    <bean class="org.eclipse.jetty.http.security.Constraint">
                        <property name="name" value="BASIC"/>
                        <property name="roles" value="our-role-name"/>
                        <property name="authenticate" value="true"/>
                    </bean>
                </property>
                <property name="pathSpec" value="/*"/>
            </bean>
        </list>
    </property>
    <property name="loginService">
        <bean class="org.eclipse.jetty.plus.jaas.JAASLoginService">
            <property name="name" value="karaf"/>
            <property name="loginModuleName" value="karaf"/>
            <property name="roleClassNames">
                <list>
                    <value>org.apache.karaf.jaas.modules.RolePrincipal</value>
                </list>
            </property>
        </bean>
    </property>
    <property name="strict" value="false"/>
    <property name="identityService">
        <bean class="org.eclipse.jetty.security.DefaultIdentityService"/>
    </property>
</bean>


Edit the ${KARAF_HOME}/etc/users.properties file and add the user:
user=password,our-role-name


For our unit tests, we are using a different "securityHandler"
configuration:
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="authenticator">
        <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
    </property>
    <property name="constraintMappings">
        <list>
            <bean class="org.eclipse.jetty.security.ConstraintMapping">
                <property name="constraint">
                    <bean class="org.eclipse.jetty.http.security.Constraint">
                        <property name="name" value="BASIC"/>
                        <property name="roles" value="our-role-name"/>
                        <property name="authenticate" value="true"/>
                    </bean>
                </property>
                <property name="pathSpec" value="/*"/>
            </bean>
        </list>
    </property>
    <property name="loginService">
        <bean class="org.eclipse.jetty.security.HashLoginService">
            <property name="name" value="karaf" />
            <property name="config" value="src/test/resources/jetty-realm.properties" />
        </bean>
    </property>
    <property name="strict" value="false"/>
</bean>


The "jetty-realm.properties" looks like this:
user: password,our-role-name


We are creating our test client like this:
String url = "https://localhost:7071/foo/services/BarService";
List<Interceptor<? extends Message>> outInterceptors =
    new ArrayList<Interceptor<? extends Message>>();

LoggingOutInterceptor loggingOutInterceptor = new LoggingOutInterceptor();
outInterceptors.add(loggingOutInterceptor);

JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setBus(BusFactory.getDefaultBus());
factory.setOutInterceptors(outInterceptors);
factory.setServiceClass(BarService.class); // must be the interface the proxy is cast to below
factory.setAddress(url);
factory.setUsername("user");
factory.setPassword("password");
BarService serviceClient = (BarService) factory.create();

serviceClient.doSomething(...);

Hope this helps.

Best,
Christian
-----------------

Software Integration Specialist

Apache Camel committer: https://camel.apache.org/team
V.P. Apache Camel: https://www.apache.org/foundation/
Apache Member: https://www.apache.org/foundation/members.html

https://www.linkedin.com/pub/christian-mueller/11/551/642


On Mon, Sep 2, 2013 at 10:02 PM, Christian Müller <
christian.muel...@gmail.com> wrote:

> Yes, we got it working. I can post the relevant code snippets here
> tomorrow.
>
> Best,
> Christian
> -----------------
>
> Software Integration Specialist
>
> Apache Camel committer: https://camel.apache.org/team
> V.P. Apache Camel: https://www.apache.org/foundation/
> Apache Member: https://www.apache.org/foundation/members.html
>
> https://www.linkedin.com/pub/christian-mueller/11/551/642
>
>
> On Tue, Aug 27, 2013 at 9:00 PM, contactreji <contactr...@gmail.com> wrote:
>
>> Hi Christian.. did you get a work around the problem?
>>
>>
>>
>> --
>> View this message in context:
>> http://camel.465427.n5.nabble.com/camel-cxf-and-HTTP-BASIC-authentication-tp5716163p5738071.html
>> Sent from the Camel - Users mailing list archive at Nabble.com.
>>
>
>
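
An added example, not part of Christian's message or of CXF: a small audit of the sec:cipherSuitesFilter patterns from the engine-factory configuration above, run over a constructed list of JSSE suite names. It assumes a suite is enabled when its whole name matches an include pattern and no exclude pattern; the weak-name markers and the tightened exclude list are choices made for this example.

```python
import re

# Patterns copied from the <sec:cipherSuitesFilter> element in the message above.
INCLUDE = [r".*.*"]
EXCLUDE = [r".*40_.*", r".*_RSA_WITH_DES_CBC_SHA.*", r".*_RSA_WITH_3DES_EDE_CBC_SHA.*"]

# Constructed sample input: JSSE suite names of the kind an older JVM may offer.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_WITH_RC4_128_MD5", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

# Assumption of this example: name fragments that mark a suite as unwanted.
WEAK_MARKERS = ["_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5"]

# Assumed tightening: exclude by algorithm family instead of by key exchange.
TIGHTER_EXCLUDE = EXCLUDE + [r".*_NULL_.*", r".*_anon_.*", r".*_EXPORT_.*",
                             r".*_RC4_.*", r".*_DES_.*", r".*_3DES_.*", r".*_MD5"]


def enabled(suites, include=INCLUDE, exclude=EXCLUDE):
    """Return suites that fully match an include and no exclude pattern."""
    inc = [re.compile(p) for p in include]
    exc = [re.compile(p) for p in exclude]
    return [s for s in suites
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]


def weak_survivors(suites, include=INCLUDE, exclude=EXCLUDE):
    """Map each still-enabled weak suite to the markers found in its name."""
    return {s: [m for m in WEAK_MARKERS if m in s]
            for s in enabled(suites, include, exclude)
            if any(m in s for m in WEAK_MARKERS)}


if __name__ == "__main__":
    for suite, why in weak_survivors(SAMPLE_SUITES).items():
        print("still enabled:", suite, why)
    print("after tightening:", enabled(SAMPLE_SUITES, exclude=TIGHTER_EXCLUDE))
```

Which suites a JVM actually offers depends on its version and security settings, so feed the function the list your own runtime reports rather than the sample.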
