We currently only map Basic auth into the AuthorizationPolicy stuff. For
anything else, you would need to grab the Principal object:
message.get(SecurityContext.class).getUserPrincipal()
and inspect that in more detail. That object is provided to us from the
servlet engine after it handles any authentication things it knows about.
Dan
On Monday 27 October 2008 4:35:00 am Gabo Manuel wrote:
> Hi All,
>
> After reading up more re: Http Basic, finally found why it is so. Final
> revision of questions:
>
> I modified Chris Dail's sample interceptor such that the challenge would be
>
> WWW-Authenticate: Digest realm=feefactor, nonce=1225096289125
>
> When the client re-submits request with the Digest details, e.g.:
>
> Authorization: Digest username="myUserName", realm="feefactor",
> nonce="1225096289125", uri="/cxf/services/rest/Accounts/Account/1",
> response="0808b59f915736b53da883b32c39c306"
>
> the following code still renders policy as null:
> AuthorizationPolicy policy = message.get(AuthorizationPolicy.class)
>
> I checked the received headers using the following code:
> logger.info("Protocol headers: " + message.get(Message.PROTOCOL_HEADERS));
>
> and Authorization is there:
>
> [InHandler] | Protocol headers: {host=[localhost:8081],
> Authorization=[Digest username="myUserName", realm="feefactor",
> nonce="1225096289125", uri="/cxf/services/rest/Accounts/Account/1",
> response="0808b59f915736b53da883b32c39c306"], user-agent=[Jakarta
> Commons-HttpClient/3.1]}
>
> Am I missing something?
>
> Gabo
--
Daniel Kulp
[EMAIL PROTECTED]
http://dankulp.com/blog
