Daniel,

Thanks!

I have another question. I have also a use case when the web service should
provide the result w/o authentication at all. The options I have right now are

1. To say that the authentication is always required.
2. To bind the service to a URL that does not require authentication.
3. Somehow pre-process the request and replace a request w/o authentication
   with a request with synthetic user "anonymous".

I think #1 and #2 are easy but don't do exactly what is required. #3 seems to
be optimal but I am not sure how to approach it. Any suggestions/ideas?

Regards,

Slava Imeshev

> -----Original Message-----
> From: Daniel Kulp [mailto:[email protected]]
> Sent: Friday, February 20, 2009 12:43 PM
> To: [email protected]
> Cc: Slava Imeshev
> Subject: Re: Authentication and authorization
>
> On Fri February 20 2009 1:21:42 pm Slava Imeshev wrote:
> > Daniel,
> >
> > I am pretty new to CXF. I'd be very grateful if you could point me
> > in the right direction. Any examples/tutorials?
>
> It's pretty simple actually. In your Impl bean, add a field:
>
>     @Resource
>     private WebServiceContext context;
>
> That will get the context injected.
>
> Then in your method, do:
>
>     context.getUserPrincipal()
> or
>     context.isUserInRole("blah");
>
> As long as the user has authenticated (basic auth), then those methods
> should return the information that the app server returns from the
> HttpServletRequest.
>
> Dan
>
> > Regards,
> >
> > Slava Imeshev
> >
> > > -----Original Message-----
> > > From: Daniel Kulp [mailto:[email protected]]
> > > Sent: Friday, February 20, 2009 7:58 AM
> > > To: [email protected]
> > > Cc: Slava Imeshev
> > > Subject: Re: Authentication and authorization
> > >
> > > The JAX-WS spec kind of covers this.
> > >
> > > If you inject WebServiceContext, from the context, you can get the
> > > user principal and call the isUserInRole call which would call back
> > > into the tomcat auth modules. From that, you can act on it any way
> > > you please.
> > >
> > > Dan
> > >
> > > On Thu February 19 2009 5:58:12 pm Slava Imeshev wrote:
> > > > Hi all,
> > > >
> > > > I have an interesting use case that I am not sure how to approach.
> > > >
> > > > Consider a service MyService on Tomcat, pseudocode:
> > > >
> > > >     MyService {
> > > >         Set<Entry> getEntries();
> > > >     }
> > > >
> > > > For that service, if the requester did not authenticate, the
> > > > getEntries would return a limited list of entries, only those
> > > > allowed for "public" access. If the requestor did authenticate,
> > > > the service returns an extended set. How can this be done with CXF?
> > > >
> > > > Regards,
> > > >
> > > > Slava Imeshev
> > >
> > > --
> > > Daniel Kulp
> > > [email protected]
> > > http://www.dankulp.com/blog
>
> --
> Daniel Kulp
> [email protected]
> http://www.dankulp.com/blog
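
Added example, not part of the original thread and not code from Daniel Kulp or the CXF project: a sketch of the getEntries() use case built on the WebServiceContext calls quoted above, defaulting to the public set unless the caller is authenticated and holds a role. It assumes the container leaves the principal null when no credentials were accepted; the Entry type (simplified to String), the role name "registered" and the sample entries are hypothetical.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;

// Hypothetical implementation of the MyService described in the thread.
@WebService
public class MyServiceImpl {

    // Assumed role name; use whatever role the container's realm defines.
    static final String EXTENDED_ROLE = "registered";

    // Constructed sample data standing in for the real entries.
    static final Set<String> PUBLIC_ENTRIES =
            new LinkedHashSet<>(Arrays.asList("news", "contact"));
    static final Set<String> RESTRICTED_ENTRIES =
            new LinkedHashSet<>(Arrays.asList("invoices", "audit-log"));

    @Resource
    private WebServiceContext context; // injected by the JAX-WS runtime

    public Set<String> getEntries() {
        // Null principal means the caller did not authenticate.
        Principal caller = context.getUserPrincipal();
        // Both conditions must hold; anything else gets the public view.
        boolean extended = caller != null
                && context.isUserInRole(EXTENDED_ROLE);
        return select(extended);
    }

    // Selection logic kept free of container types so it can be unit
    // tested without deploying the service.
    static Set<String> select(boolean extended) {
        Set<String> result = new LinkedHashSet<>(PUBLIC_ENTRIES);
        if (extended) {
            result.addAll(RESTRICTED_ENTRIES);
        }
        return Collections.unmodifiableSet(result);
    }
}
```

The filtering happens on the server from the container's view of the caller, so an unauthenticated request never receives the restricted entries regardless of what the client sends in the SOAP body.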
