Any updates on this? I think I have the same requirement and haven't been able to find any info on how to do digest authentication at the transport layer, (i.e. HTTP) with CXF. I have done it using Axis, which in turn uses HttpClient and it is just a matter of adding the username and password and HttpClient does the rest. The only info I have found regarding digest authentication for CXF is related to WS-Security, wich is at a higher level but is not what I need (which is arguably better, since it is independent from the transport: http, jms, mail, etc.) .
I have skimming through CXF documentation (and posts like this one) and it seems that this might be accomplished using CXF interceptors, but I don't have a clue on how to tap into the underlying http connection management to handle digest authentication. I also found this http://www.nabble.com/Using-HTTPClient-as-a-transport-td14715325.html thread in which it is suggested that in order to use HttpClient as a transport for CXF it has to be implemented as a conduit. The fact that there seems to be no easy way of doing it with CXF, and that no one seems to have contributed an interceptor or conduit for doing this makes me wonder if what I'm trying to do can be accomplished some other way which I'm not aware of. There is a http://issues.apache.org/jira/browse/CXF-291 Jira issue open for this, but there doesn't seem to be much activity. Any feedback would be very welcome. Regards Gabo Manuel wrote: > > Hi All, > > I am currently trying to implement a ReST service and was hoping to put > some security to it. Afaik, WS-security is already not an option since I > am not exposing a SOAP service (am I wrong here?). > > I tried searching the forums for some hint on where to go. I was able to > find entries re: Http Basic and SSL. I was hoping to take advantage of > the username/pwd of Http Digest and use that later in the request > processing, e.g. check privilege on the object accessed. > > I am already inclined to create a handler/interceptor to retrieve an > "Authorization" header param and perform the hash calculation and > comparison there. I am unsure of two things: > > ... > > -- View this message in context: http://www.nabble.com/-JAX-RS-Http-Digest-Authentication-support--tp20181931p21617071.html Sent from the cxf-user mailing list archive at Nabble.com.