Hi,
I think having a custom @Context types supported will be one way to do it :
@Context AuthorizationData data;
I know Jersey does it but I need to think how something like this can be done
in as a trivial way as possible...
I'm not sure how else this can be done - I need to think. In principle it would be possible to add pre/post methods configuration in
jaxrs:server - but I'm not certain yet... If you have any ideas then let me know please.
Would you be open to moving the Authorization check out of the resource class code to a RequestFilter ? You can get an access to the
OperationResourceInfo about to be invoked in a filter and check the authorization details too. We also have system tests and a demo
(in Fuse though) showing how Spring Security can be applied - but it might not work in 2.1.3 due to a double proxy bug - though I
believe some users have managed to escape it in 2.1.3 :-)
Cheers, Sergey
Hi,
I need to extract HTTP authorization header.
I am able to do it using @Context HttpHeader injection by CXF and then
extracting Authorization info from that.
However, i need to do that for all the resource mappings.
Is there any way I can avoid replicating code in each method?
Is there any way by which I can specify a particular method to be executed,
irrespective of the request?
(where I can have this extraction code, and then store the extracted header
in some instance variable.)
Thanks
--
View this message in context:
http://www.nabble.com/Extracting-HTTP-authorization-header-tp22076857p22076857.html
Sent from the cxf-user mailing list archive at Nabble.com.
