Hi,

> Well, did not really see what you spoke about

sorry :-)

> but I've found a method for what I wished.

this is something I suggested to do too but I thought you wanted to deal
with this before the call reaches the application code. So what you might
want to do is to register say AuthCheckFilter (as a jaxrs provider) :

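import javax.ws.rs.core.Response;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;

public class AuthCheckProvider implements RequestHandler {

    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        // use HttpHeaders, new HttpHeadersImpl(m)
        // or
        // the policy is stored on the message keyed by its class, so use get()
        AuthorizationPolicy policy = m.get(AuthorizationPolicy.class);

        // no policy means no credentials were sent;
        // compare strings with equals(), != only compares references
        if (policy == null
                || !"...".equals(policy.getUserName())
                || !"...".equals(policy.getPassword())) {
            return Response.status(401).build();
        }
        // returning null lets the request continue to the resource method
        return null;
    }

}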

cheers, Sergey


Raphaël Flores-2 wrote:
> 
> Hmm.
> 
> Well, did not really see what you spoke about, but I've found a method 
> for what I wished.
> 
> I use HttpHeaders, from which I get the Authorization header if present; 
> if not, the request is sent back to the client to authenticate with a 
> Response object; if yes, the login/password is verified, and if they are 
> correct, the user is authorized to access the requested data. Look at the 
> following example code:
> 
>     @GET
>     @Path("/auth")
>     public Response authentication(@Context HttpHeaders headers)
>             throws Base64Exception, IOException {
>         String login = "";
>         String password = "";
>         // getRequestHeader() returns null when the header is absent
>         List<String> authHeaders = headers.getRequestHeader("Authorization");
>         if (authHeaders != null && !authHeaders.isEmpty()) {
>             String headerAuth = authHeaders.get(0);
>             String headerStrimmed = headerAuth.substring(6); // BASIC method
>             String decedodHeader = new String(Base64Utility.decode(headerStrimmed));
>             login = decedodHeader.substring(0, decedodHeader.indexOf(":"));
>             password = decedodHeader.substring(decedodHeader.indexOf(":") + 1);
>         }
>         if ("johnsmith".equals(login) && "1234-OhBadPassword".equals(password)) {
>             System.out.println("\n\nAuthentification OK\n\n");
>             return Response.ok("Authentication Valid!").status(HttpStatus.SC_OK).build();
>         }
>         return Response.ok().status(HttpStatus.SC_UNAUTHORIZED)
>                 .header("WWW-authenticate", "BASIC realm=\"Authentication required\"")
>                 .build();
>     }
> 
> Login & password MUST not contain any ":" in this case, but I'll find a 
> better verification method for them.
> 
> Thanks!
> 
> -- 
> Raphael F.
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Authentication-response-header-401-tp24612009p24624724.html
Sent from the cxf-user mailing list archive at Nabble.com.
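
The Basic header handling discussed in this thread, as an added example that is not part of the original messages and is not CXF code: it splits on the first colon only (in Basic authentication the user-id cannot contain ":", but the password may), returns null for a missing or malformed header instead of throwing, and compares the secret without an early exit. The class and method names are hypothetical, the sample credentials are constructed, and it uses java.util.Base64 rather than CXF's Base64Utility.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthHeader {

    /** Returns {user, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        // The scheme name is case-insensitive and is followed by a space.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        // Split on the FIRST colon only, so the password may itself contain ':'.
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null; // no separator: caller should answer 401, not fail with 500
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Compares two secrets without returning at the first differing byte. */
    static boolean sameSecret(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: a password containing colons, lower-case scheme name.
        String header = "basic " + Base64.getEncoder()
                .encodeToString("johnsmith:pa:ss:word".getBytes(StandardCharsets.UTF_8));
        String[] creds = parse(header);
        System.out.println(creds[0] + " / " + creds[1]);
        System.out.println(sameSecret("pa:ss:word", creds[1]));
        // Malformed inputs all come back as null.
        System.out.println(parse("Basic !!!not-base64!!!") == null);
        System.out.println(parse("Basic " + Base64.getEncoder()
                .encodeToString("nocolon".getBytes(StandardCharsets.UTF_8))) == null);
        System.out.println(parse(null) == null);
    }
}
```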
