Hi
<snip/>
I've decided that I'm better off letting the container do the
authentication and simple authorization and then doing fine-tuned
authorization in my handler (my authorizations are data-based, not
method-based, so Spring Security doesn't help me). I finally got
through the role/group mapping stuff, so that my request with a valid
Authorization header got serviced without a 401 or 403.
However, I'm also seeing that when I get into my handler, the
AuthorizationPolicy that I retrieve from the message is null. I can see
the "Authorization" header right in the debugging. Is there something
else I have to do to get my principal/credentials automatically parsed
out so I don't have to do it manually?
S.B : Can you try to set a breakpoint in
org.apache.cxf.transport.http.AbstractHTTPDestination#setHeaders? This is where AuthorizationPolicy is set...
But do you need AuthorizationPolicy, which contains a decoded name/password only, or do you need a Principal object?
cheers, Sergey