> -----Original Message----- > From: SaravananRamamoorthy [mailto:[email protected]] > Sent: Friday, February 05, 2010 8:31 AM > To: [email protected] > Subject: Re: Http basic authentication in JAX RS > > > Hi Andreas, > > Thanks for your information. > I will try to figure out what I made mistake in SOAP UI. > Thanks for your help.
Unless I'm missing something, there is no "mistake" in SoapUI, at least with respect to this. I've tried to tell you several times that if you don’t specify security constraints in your web.xml, then your application will ignore security, and it will not process the Authorization header. > Andreas Veithen-2 wrote: > > > > As you can see, SOAPUI doesn't send any Authorization header. Thus, > > this is not a problem with CXF, but SOAPUI (unless SOAPUI only sends > > the Authorization header after getting a 401/403 status code). > > > > Andreas > > > > On Fri, Feb 5, 2010 at 17:14, SaravananRamamoorthy > > <[email protected]> wrote: > >> > >> Hi Andread, > >> > >> Please find the attachment.When the values are send through > Header(s) > >> tab, I > >> can able to retrieve the information using HeaderParam. > >> > >> Regards > >> SaravananRamamoorthy > http://old.nabble.com/file/p27470023/SOAP_UI.zip > >> SOAP_UI.zip > >> > >> > >> > >> Andreas Veithen-2 wrote: > >>> > >>> In SOAPUI, after sending the request, you can switch to the "Raw" > tab > >>> in order to see the request (including headers) that SOAPUI has > sent. > >>> Can you show us this information? > >>> > >>> Andreas > >>> > >>> On Fri, Feb 5, 2010 at 16:13, SaravananRamamoorthy > >>> <[email protected]> wrote: > >>>> > >>>> Hi Andreas , > >>>> > >>>> I can able to get the values, when I send the information through > >>>> header.It > >>>> works fine. > >>>> But when I send the credentials using Authentication part,I cannot > able > >>>> to > >>>> retrieve. > >>>> > >>>> Regards > >>>> SaravananRamamoorthy > >>>> > >>>> > >>>> > >>>> Andreas Veithen-2 wrote: > >>>>> > >>>>> What Sergey actually wants you to do is to check if that > information > >>>>> reaches the JAX-RS service, i.e. to try retrieving this > information > >>>>> using a method parameter annotated with > @HeaderParam("Authorization"). > >>>>> > >>>>> Andreas > >>>>> > >>>>> On Fri, Feb 5, 2010 at 15:36, SaravananRamamoorthy > >>>>> <[email protected]> wrote: > >>>>>> > >>>>>> Hi Sergey, > >>>>>> > >>>>>> > >>>>>> Thanks for your continuous help. > >>>>>> I can able to get the value when the values are given in the > header > >>>>>> part. > >>>>>> What is the case if the credentials are given in Authentication > part. > >>>>>> I have attached the screenshot for giving the credentials in aut > >>>>>> part. > >>>>>> In this case how can I retrieve the details. > >>>>>> http://old.nabble.com/file/p27468603/authentication.PNG > >>>>>> authentication.PNG > >>>>>> > >>>>>> Regards > >>>>>> SaravananRamamoorthy > >>>>>> > >>>>>> > >>>>>> Sergey Beryozkin-2 wrote: > >>>>>>> > >>>>>>> Can you post the value of this header please ? > >>>>>>> cheers, Sergey > >>>>>>> > >>>>>>>> > >>>>>>>> Hi Sergey, > >>>>>>>> > >>>>>>>> Yes. The authorization header is sent by the client. I have > used > >>>>>>>> SOAPUI > >>>>>>>> for > >>>>>>>> this. > >>>>>>>> > >>>>>>>> Regards > >>>>>>>> SaravananRamamoorthy > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> Sergey Beryozkin-2 wrote: > >>>>>>>>> > >>>>>>>>> I've already asked twice : is Authorization header actually > being > >>>>>>>>> sent > >>>>>>>>> by > >>>>>>>>> a client ? > >>>>>>>>> Can you tell me please if it is the case or not ? Try adding > a > >>>>>>>>> JAXRS > >>>>>>>>> > >>>>>>>>> @HeaderParam("Authorization") String value > >>>>>>>>> > >>>>>>>>> to your jaxrs resource method and print the resulting value. > >>>>>>>>> > >>>>>>>>> cheers. Sergey > >>>>>>>>> > >>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> Hi Sergey, > >>>>>>>>>> > >>>>>>>>>> I tried with MessageContext , MessageContextImpl and > >>>>>>>>>> SecurityContext. > >>>>>>>>>> But > >>>>>>>>>> it > >>>>>>>>>> always return null. > >>>>>>>>>> Do we need anything to be configure in web.xml? > >>>>>>>>>> Regards > >>>>>>>>>> SaravananRamamoorthy > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> Sergey Beryozkin-2 wrote: > >>>>>>>>>>> > >>>>>>>>>>> Please check > >>>>>>>>>>> > >>>>>>>>>>> http://cxf.apache.org/docs/debugging-and-logging.html > >>>>>>>>>>> > >>>>>>>>>>> and see the list of tools you can use to check if the > >>>>>>>>>>> Authorization > >>>>>>>>>>> header > >>>>>>>>>>> is actually available on the wire. I also like TcpTrace : > >>>>>>>>>>> http://www.pocketsoap.com/tcptrace/ > >>>>>>>>>>> > >>>>>>>>>>> Provided this header is present, you can parse it manually > by > >>>>>>>>>>> using > >>>>>>>>>>> JAXRS > >>>>>>>>>>> @HeaderParam. I'm sure there're plenty of Base64 decoding > >>>>>>>>>>> utils around and CXF has the one too > >>>>>>>>>>> (org.apache.cxf.common.util.Base64Utility). > >>>>>>>>>>> > >>>>>>>>>>> Alternatively youy can have a @Context MessageContext > parameter > >>>>>>>>>>> passed > >>>>>>>>>>> in > >>>>>>>>>>> too and then do > >>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName()); > >>>>>>>>>>> > >>>>>>>>>>> Sergey > >>>>>>>>>>> > >>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "SaravananRamamoorthy" > <[email protected]> > >>>>>>>>>>> To: <[email protected]> > >>>>>>>>>>> Sent: Wednesday, February 03, 2010 4:29 PM > >>>>>>>>>>> Subject: Re: Http basic authentication in JAX RS > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> Hi Sergey, > >>>>>>>>>>>> > >>>>>>>>>>>> Thanks for your suggestions. > >>>>>>>>>>>> > >>>>>>>>>>>> I am new to apache cxf. > >>>>>>>>>>>> > >>>>>>>>>>>> Is there any direct interface or context availabe to > receive > >>>>>>>>>>>> the > >>>>>>>>>>>> authentication details just like @QueryParam.(for > receiving > >>>>>>>>>>>> query > >>>>>>>>>>>> string). > >>>>>>>>>>>> > >>>>>>>>>>>> It is enough to print the username and the password in the > >>>>>>>>>>>> console. > >>>>>>>>>>>> > >>>>>>>>>>>> Please provide the solution. > >>>>>>>>>>>> > >>>>>>>>>>>> Regards > >>>>>>>>>>>> Saravanan R > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> Sergey Beryozkin-2 wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>> Actually, just looked at the source of > MessageContextImpl, it > >>>>>>>>>>>>> should > >>>>>>>>>>>>> be > >>>>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName()) when > retrieving > >>>>>>>>>>>>> it from MessageContext given that uses toString() on the > >>>>>>>>>>>>> object > >>>>>>>>>>>>> keys. > >>>>>>>>>>>>> Also make sure you're actually seeing an Authorization > header > >>>>>>>>>>>>> on > >>>>>>>>>>>>> the > >>>>>>>>>>>>> wire > >>>>>>>>>>>>> > >>>>>>>>>>>>> cheers, Sergey > >>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Hi Sergey, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> I tried with your suggestions like > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> public Response getCredentials(@Context MessageContext > mc) > >>>>>>>>>>>>>> { > >>>>>>>>>>>>>> AuthorizationPolicy policy = > >>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class); > >>>>>>>>>>>>>> System.out.println(policy.getUserName()); > >>>>>>>>>>>>>> ....... > >>>>>>>>>>>>>> ....... > >>>>>>>>>>>>>> When I tried to give the Authentication from SOAP UI, I > got > >>>>>>>>>>>>>> null. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Please correct me where I did the mistake. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Regards > >>>>>>>>>>>>>> Saravanan R > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Sergey Beryozkin-2 wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Hi > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> The only way at the moment to get AuthorizationPolicy > object > >>>>>>>>>>>>>>> in > >>>>>>>>>>>>>>> the > >>>>>>>>>>>>>>> app > >>>>>>>>>>>>>>> code is to do something like this : > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> @Context MessageContext mc; > >>>>>>>>>>>>>>> .... > >>>>>>>>>>>>>>> AuthorizationPolicy policy = > >>>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class); > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> cheers, Sergey > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Hi All, > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I am creating REST application using JAX RS. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I am using SOAPUI to test the application. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> My Rest needs to receive the Http Basic Authentication > from > >>>>>>>>>>>>>>>> the > >>>>>>>>>>>>>>>> SOAPUI. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I just want to receive the authentication details like > >>>>>>>>>>>>>>>> username,password and > >>>>>>>>>>>>>>>> domain in JAX RS method. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Can anyone give the idea how to get the authentication > >>>>>>>>>>>>>>>> details > >>>>>>>>>>>>>>>> in > >>>>>>>>>>>>>>>> the > >>>>>>>>>>>>>>>> parameter of the method. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I ended up not needing this, but I experimented with > >>>>>>>>>>>>>>> creating > >>>>>>>>>>>>>>> an > >>>>>>>>>>>>>>> "AuthorizationRequestHandler" class (implements > >>>>>>>>>>>>>>> RequestHandler) > >>>>>>>>>>>>>>> and > >>>>>>>>>>>>>>> putting that in my "jaxrs:providers" list. That > requires a > >>>>>>>>>>>>>>> "handleRequest(Message message, ClassResourceInfo > >>>>>>>>>>>>>>> classResourceInfo)" > >>>>>>>>>>>>>>> method, where I can call "AuthorizationPolicy policy = > >>>>>>>>>>>>>>> message.get(AuthorizationPolicy.class);". The > >>>>>>>>>>>>>>> AuthorizationPolicy > >>>>>>>>>>>>>>> contains the username and password. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> What is not clear to me, however, is where this object > is > >>>>>>>>>>>>>>> available > >>>>>>>>>>>>>>> somehow at the controller level. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> -- > >>>>>>>>>>>>>> View this message in context: > >>>>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX- > RS-tp27416364p27437539.html > >>>>>>>>>>>>>> Sent from the cxf-user mailing list archive at > Nabble.com. > >>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> -- > >>>>>>>>>>>> View this message in context: > >>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- > tp27416364p27439212.html > >>>>>>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. > >>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> -- > >>>>>>>>>> View this message in context: > >>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- > tp27416364p27452426.html > >>>>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. > >>>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> View this message in context: > >>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- > tp27416364p27467082.html > >>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. > >>>>>>>> > >>>>>>> > >>>>>>> > >>>>>> > >>>>>> -- > >>>>>> View this message in context: > >>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- > tp27416364p27468603.html > >>>>>> Sent from the cxf-user mailing list archive at Nabble.com. > >>>>>> > >>>>>> > >>>>> > >>>>> > >>>> > >>>> -- > >>>> View this message in context: > >>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- > tp27416364p27469191.html > >>>> Sent from the cxf-user mailing list archive at Nabble.com. > >>>> > >>>> > >>> > >>> > >> > >> -- > >> View this message in context: > >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- > tp27416364p27470023.html > >> Sent from the cxf-user mailing list archive at Nabble.com. > >> > >> > > > > > > -- > View this message in context: http://old.nabble.com/Http-basic- > authentication-in-JAX-RS-tp27416364p27470342.html > Sent from the cxf-user mailing list archive at Nabble.com.
