Hi We're trying to evaluate CXF for our project at the moment - so are not really into it yet. So it may be that we're missing a blindingly obvious answer to the following.
We want to create a series of restful web-services and will be using Tomcat 7. Probably most if not all services will be using HTTPS and will require basic HTTP auth. If doing this with servlets it would be simple. Configure the HTTPS connector in server.xml mostly takes care of the HTTPS part. Create a database table of users then use a Tomcat JDBCRealm so that the users/credentials are accessible by Tomcat. Annotate every servlet that needs to be authenticated. Tomcat then associates the user with the session once authenticated or sends back a 401 message if not. With CXF it's really not clear how this well-trodden process should work at all and it's a real sticking point for us. The posts and documentation I have read seems to suggest all manner of very complex solutions to this simple problem (including request-handlers, interceptors, JAAS, Spring security). This makes is think that we're missing something obvious. Any advice as to how to approach as to how to address this simple problem would be most gratefully received. Thanks. Rob -- View this message in context: http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594.html Sent from the cxf-user mailing list archive at Nabble.com.
