Trying to bypass a spam filter...
-------- Original Message -------- Subject: Re: utilizing tomcat authentication for webservices Date: Thu, 03 Apr 2014 12:28:03 +0100 From: Sergey Beryozkin <[email protected]> To: [email protected] Hi On 03/04/14 11:03, michaelh wrote:
Hi, i've deployed a CXF webservice (2.2.9) on tomcat. we now want to add authentication. i've implemented the standard "login-config" authentication in the web.xml and it works fine for standard http(s). But i'm having trouble authenticating webservice requests. On the client side i'm adding the WS-* interceptors to provide username/password etc. But i'm having trouble understanding how to go about this on ther server side. Tomcat already has an authentication mechanism in place how can i utilize this for the webservices? From the examples i've seen the server side implements their own interceptors and callback handlers. any pointers would be appreciated.
Authentication support offered by Servlet Containers can only help if the authentication credentials are available at the HTTP level, example, in HTTP Authorization header or as client certificates. But if it is part of the SOAP payload (WS-Security headers) then you will need to use CXF WSS4JInInterceptor to deal with it HTH, Sergey
