Hi

On 18/08/13 23:30, rpd wrote:
Dear Sergey

Thanks very much for responding so quickly.  I looked up what I could find
on CXFServlet and understand that I must deploy it in my web.xml. So that
solves the https issue so long as I configure Tomcat SSL etc.

However, I don't think that you're advising me to extend CXFServlet in my
code instead of HttpServlet and therefore write normal servlet code. So,
given that I am not writing the all-familiar servlet, that leaves me
wondering how a service that I implement is going to...

CXFServlet is a regular Servlet whose primary goal is to route a current HTTP request to a WS or RS endpoint. My understanding was, you were preferring to keep using Servlet-level declarative security, right? So I believe you can apply all the security-constraints to CXFServlet, for example, tell Tomcat it should do Basic authentication.


(a) perform the HTTP basic auth

See above; using JAAS would be another option

(b) allow me to access the user-name (I think you called the principal)
against the session.

You can inject JAX-RS SecurityContext into your service code and access Principal (and its name)

Take, for example, the code fragment on pages 175-176 of the Apache CXF Web
Development book - the "CategoryService" class.  Suppose that all methods
require as a pre-condition that the requestor be authenticated. Suppose also
that I needed to obtain the user-name in one or all of the methods (e.g. the
getCategory method).

How would I modify this code to get what I need and what would I need to
setup beforehand apart from the deployment of the CXFServlet?  (NB we're not
Spring guys either I'm afraid)

I don't own the copy, but I'm hoping what I said above should clarify things more

Cheers, Sergey

best regards, Rob.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594p5732612.html
Sent from the cxf-user mailing list archive at Nabble.com.



--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
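
The setup described in the replies above, as an added example that is not part of the original thread or of the book's code: the container enforces Basic auth over HTTPS in front of CXFServlet, and the service reads the caller's name from the injected JAX-RS SecurityContext. The resource paths, the role name `category-user`, the `/*` URL pattern and the `javax.ws.rs` namespace are assumptions.

```java
// Added example; paths, the "/*" pattern and the role "category-user" are assumptions.
// Container side (web.xml), so Tomcat does Basic auth before CXFServlet routes the call:
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>rest</web-resource-name>
//       <url-pattern>/*</url-pattern>
//     </web-resource-collection>
//     <auth-constraint><role-name>category-user</role-name></auth-constraint>
//     <user-data-constraint>
//       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
//     </user-data-constraint>
//   </security-constraint>
//   <login-config><auth-method>BASIC</auth-method></login-config>
//   <security-role><role-name>category-user</role-name></security-role>
import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/categoryservice")
@Produces("text/plain")
public class CategoryService {

    @GET
    @Path("/category/{id}")
    public Response getCategory(@PathParam("id") String id,
                                @Context SecurityContext sc) {
        String user = requireUser(sc);
        // Real lookup goes here; the response only shows that the name is available.
        return Response.ok("category " + id + " requested by " + user).build();
    }

    // Fail closed: if the web.xml constraint is missing or does not cover this URL,
    // the container leaves the principal null and the call must not proceed.
    private static String requireUser(SecurityContext sc) {
        if (!sc.isSecure()) { // request did not reach the container over HTTPS
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        Principal p = sc.getUserPrincipal();
        if (p == null || p.getName() == null || p.getName().isEmpty()) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        return p.getName();
    }
}
```

If TLS is terminated at a proxy in front of Tomcat, `isSecure()` reflects only the hop into the container, so that check has to be adapted to the deployment.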
