Hi
I guess if you had Spring Security initializing the context not at the
servlet level but at the CXF interceptor level (please check the
archives, I believe several people have written the code doing it at the
CXF level), then you'd be able to emulate the end to end scenario easily
enough by setting the expected headers on the client side
Cheers, Sergey
On 21/10/14 20:18, Sonam Samdupkhangsar wrote:
I have a webapp that has Basic-Authentication support thru Spring-Security
configuration. I want to test my JAXRS (using CXF) based services using
local-transport with Basic-Auth enabled. The following is my java-config where
I have expression based Spring-Security config which does enable Basic-Auth
when deployed on Tomcat. However, it does not work on local-transport. Is
there a tutorial on how to achieve Basic-Auth on local-transport using
Spring-Security?
@Override
protected void configure(HttpSecurity http) throws Exception {
logger.debug("security configuration");
http.authorizeRequests()
.antMatchers("/user/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").successHandler(authenticationSuccessHandler)
.usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout").and().csrf()
.and().authorizeRequests().antMatchers("/soa/**").
access("hasRole('ROLE_USER') or
hasRole('ROLE_ADMIN')").and().httpBasic().and().csrf().disable();
}
Thanks
-Sonam
