Hi
Perhaps PRE_INVOKE can do ?
You can also try to get to this Principal object from a JAX-RS RequestHandler
filter...
Cheers, Sergey
Cheers, Sergey
Hi Dan,
Sorry for the delay of update.
As of the moment, I am just checking on the Authorization entry in the
protocol headers. As i have read in the
(http://www.ietf.org/rfc/rfc2617) there is the possibility that I would
be processing an Authorization entry that is meant for a proxy or whatnot.
Just would like to confirm if this is ok since as of the moment, the
Principal object is always null.
Again, my thanks.
Gabo
Gabo Manuel wrote:
Hi Dan,
Sorry for the delay.
Is there a specific phase that the said class would be available? I
have tried RECEIVE and MARSHAL but the
message.get(SecurityContext.class).getUserPrincipal() remains null. It
is org.apache.cxf.security.SecurityContext, ryt?
The re-send has the following Authorization header:
Authorization: Digest username="myUserName", realm="feefactor",
nonce="1225267457187", uri="/cxf/services/rest/Accounts/Account/1",
response="83f8bff523b43ff49f647b184938ee5a"
Again, my thanks.
Gabo
Daniel Kulp wrote:
We currently only map Basic auth into the AuthorizationPolicy
stuff. For anything else, you would need to grab the Principal object:
message.get(SecurityContext.class).getUserPrincipal()
and inspect that in more detail. That object is provided to us from
the servlet engine after it handles any authentication things it
knows about.
Dan
