Hi Sergey,
As a follow up to this, i'm trying to implement a basic http filter using a
request handler. Is there a way to obtain the http auth info? I can't find
it on any of the contexts or message.
Is there an example of a basic auth client and a request handler or custom
invoker handling the authentication?
Thanks,
Kynan
Sergey Beryozkin wrote:
>
> Hi Vishal
>
> I'm very sorry for a late reply - I was planning to reply much earlier but
> then I got swamped with some work and forgot.
>
> There're a number of options, depending on your preferences
>
> 1. Do it in the application code, in the resource class. This is may or
> may not the best option. Typically this is something users prefer to do
> outside of the application code. But then you may want to look at the
> resource class which checks the injected SecurityContexts as the facade or
> as an interceptor really which delegates to the actual application class
> which may make this option more viable.
>
> So in this case you have to have
> @Resource WebServiceContext jaxwsContext;
> @Context SecurityContext jaxrsSecurityContext;
>
> declared in your code. Next, you need to figure out whether it's a JAXWS
> or JAXRS invocation in progress, so you can do it like this
> // not sure at the moment how exactly to get security context from jaxws
> one
> if (jaxwsContext.getSecurityContext() == null) {
> checkPrincipal(jaxrsSecurityContext.getPrincipal());
> } else {
> checkPrincipal(jaxwsContext.getSecurityContext().getPrincipal());
> }
>
> 2. Use Spring security - we have some simple tests showing how
> authentication and authorization can be done
>
> 3. For JAXRS : Use CXF JAX-RS RequestFilter or custom invoker (which
> simply extends JAXRSInvoker and is registered as an invoker property)
> where you can get all the info you need (method name, Principal, etc)
> For JAXWS : do a custom CXF in Interceptor which will throw Fault if
> needed.
>
> Perhaps there're more options... Let me know please if you need more info
> on any of the these options
>
> Cheers, Sergey
>
>
>
>
>
> Vishal.a wrote:
>>
>> Hello All,
>>
>> I have services written,that have both JaxRs and Jaxws.I have to
>> implement security on the services now.There are 2 things i need to do
>>
>> 1. Authentication - Using Basic Http Authentication
>> 2. Authorization - Secure each and every method.
>>
>> I have seen posts that show me how to do for either JaxRS or Jaxws,can
>> someone tell me what would be the best way to approach it for doing it
>> for both REST and SOAP.
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Vishal
>>
>
>
--
View this message in context:
http://www.nabble.com/Security-in-Jaxws-Jaxrs-tp23266441p24303305.html
Sent from the cxf-user mailing list archive at Nabble.com.
