Hi
On 03/11/14 14:42, Hilderich wrote:
Hello Sergey,
First of all what you have suggested I have done as you can see above. But
this incorporation of an interceptor has no effect and no one requires a
login if I do a request to the address in my browser.
My question about JAAS was intended to get a feedback from you if I have
grasp JAAS correctly. In Karaf the JAAS login mechanism looks into
<karaf_home>/etc/users.properties, isn't it?
As far as I recall yes
I don't know what you mean when you are talking about anonymous users and I
cannot find any property /allowAnonymous/. I just want to know if one entry
as stated above in users.propties is enough
for an authorization?
No, that entry should be enough for populating a security context -
which still needs to be acted upon.
However this is not the point at the moment because no
one is asking for any authorization - what a shame.
I do not even recall you talking about the authorization in this thread
before so I'm not sure why you are surprised.
What is you plan to enforce the authorization, do you use RBAC rules
like @RolesAllowed
Do I have to create any web app context file for any other authentication
stuff beyond /blueprint.xml/ and /users.properties/? Do I have to configure
<karaf_home>/etc/org.apache.karaf.jaas.cfg ???
No idea - ask at the Karaf list. As far as CXF is concerned, please
check the same page I linked to earlier on how to set up simple
authorizing interceptors which can check RolesAllowed.
By the way: sorry if I hijacked the thread - may be the solution
proposed originally should've been explored till the end...
Thanks, Sergey
Kind regards,
Hilderich
--
View this message in context:
http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758462.html
Sent from the Camel - Users mailing list archive at Nabble.com.
