For basic authentication, only the 401 response from the server contains a realm (as part of the WWW-Authenticate header). On the other hand, an authenticated request only contains the username and password, but no realm.
Andreas On Mon, Feb 8, 2010 at 06:02, SaravananRamamoorthy <[email protected]> wrote: > > Hi Andreas, > > Thanks for your suggestions and continous support. > > In SoapUI,I was not enable the authentication information to outgoing > request in the SOAPUI preferences. > We need to explicitly enable the checkbox, I go through the SOAPUI entire > documentation and found the solution. > > Now I can able to retrieve username and password. > > Please suggest me how to retrieve the domain(realm) using JAX RS. > > Thank you once again. > > Regards > Saravanan R > > > > > > Andreas Veithen-2 wrote: >> >> On Fri, Feb 5, 2010 at 17:52, KARR, DAVID (ATTSI) <[email protected]> wrote: >>>> -----Original Message----- >>>> From: SaravananRamamoorthy [mailto:[email protected]] >>>> Sent: Friday, February 05, 2010 8:31 AM >>>> To: [email protected] >>>> Subject: Re: Http basic authentication in JAX RS >>>> >>>> >>>> Hi Andreas, >>>> >>>> Thanks for your information. >>>> I will try to figure out what I made mistake in SOAP UI. >>>> Thanks for your help. >>> >>> Unless I'm missing something, there is no "mistake" in SoapUI, at least >>> with respect to this. I've tried to tell you several times that if you >>> don’t specify security constraints in your web.xml, then your application >>> will ignore security, and it will not process the Authorization header. >> >> If you replace "application" by "container", then this is true. Hence >> my question on the other thread about the place where he wants >> authentication to be performed (by the container, by CXF or by the >> JAX-RS service). >> >>>> Andreas Veithen-2 wrote: >>>> > >>>> > As you can see, SOAPUI doesn't send any Authorization header. Thus, >>>> > this is not a problem with CXF, but SOAPUI (unless SOAPUI only sends >>>> > the Authorization header after getting a 401/403 status code). >>>> > >>>> > Andreas >>>> > >>>> > On Fri, Feb 5, 2010 at 17:14, SaravananRamamoorthy >>>> > <[email protected]> wrote: >>>> >> >>>> >> Hi Andread, >>>> >> >>>> >> Please find the attachment.When the values are send through >>>> Header(s) >>>> >> tab, I >>>> >> can able to retrieve the information using HeaderParam. >>>> >> >>>> >> Regards >>>> >> SaravananRamamoorthy >>>> http://old.nabble.com/file/p27470023/SOAP_UI.zip >>>> >> SOAP_UI.zip >>>> >> >>>> >> >>>> >> >>>> >> Andreas Veithen-2 wrote: >>>> >>> >>>> >>> In SOAPUI, after sending the request, you can switch to the "Raw" >>>> tab >>>> >>> in order to see the request (including headers) that SOAPUI has >>>> sent. >>>> >>> Can you show us this information? >>>> >>> >>>> >>> Andreas >>>> >>> >>>> >>> On Fri, Feb 5, 2010 at 16:13, SaravananRamamoorthy >>>> >>> <[email protected]> wrote: >>>> >>>> >>>> >>>> Hi Andreas , >>>> >>>> >>>> >>>> I can able to get the values, when I send the information through >>>> >>>> header.It >>>> >>>> works fine. >>>> >>>> But when I send the credentials using Authentication part,I cannot >>>> able >>>> >>>> to >>>> >>>> retrieve. >>>> >>>> >>>> >>>> Regards >>>> >>>> SaravananRamamoorthy >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Andreas Veithen-2 wrote: >>>> >>>>> >>>> >>>>> What Sergey actually wants you to do is to check if that >>>> information >>>> >>>>> reaches the JAX-RS service, i.e. to try retrieving this >>>> information >>>> >>>>> using a method parameter annotated with >>>> @HeaderParam("Authorization"). >>>> >>>>> >>>> >>>>> Andreas >>>> >>>>> >>>> >>>>> On Fri, Feb 5, 2010 at 15:36, SaravananRamamoorthy >>>> >>>>> <[email protected]> wrote: >>>> >>>>>> >>>> >>>>>> Hi Sergey, >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> Thanks for your continuous help. >>>> >>>>>> I can able to get the value when the values are given in the >>>> header >>>> >>>>>> part. >>>> >>>>>> What is the case if the credentials are given in Authentication >>>> part. >>>> >>>>>> I have attached the screenshot for giving the credentials in aut >>>> >>>>>> part. >>>> >>>>>> In this case how can I retrieve the details. >>>> >>>>>> http://old.nabble.com/file/p27468603/authentication.PNG >>>> >>>>>> authentication.PNG >>>> >>>>>> >>>> >>>>>> Regards >>>> >>>>>> SaravananRamamoorthy >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> Sergey Beryozkin-2 wrote: >>>> >>>>>>> >>>> >>>>>>> Can you post the value of this header please ? >>>> >>>>>>> cheers, Sergey >>>> >>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> Hi Sergey, >>>> >>>>>>>> >>>> >>>>>>>> Yes. The authorization header is sent by the client. I have >>>> used >>>> >>>>>>>> SOAPUI >>>> >>>>>>>> for >>>> >>>>>>>> this. >>>> >>>>>>>> >>>> >>>>>>>> Regards >>>> >>>>>>>> SaravananRamamoorthy >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> Sergey Beryozkin-2 wrote: >>>> >>>>>>>>> >>>> >>>>>>>>> I've already asked twice : is Authorization header actually >>>> being >>>> >>>>>>>>> sent >>>> >>>>>>>>> by >>>> >>>>>>>>> a client ? >>>> >>>>>>>>> Can you tell me please if it is the case or not ? Try adding >>>> a >>>> >>>>>>>>> JAXRS >>>> >>>>>>>>> >>>> >>>>>>>>> @HeaderParam("Authorization") String value >>>> >>>>>>>>> >>>> >>>>>>>>> to your jaxrs resource method and print the resulting value. >>>> >>>>>>>>> >>>> >>>>>>>>> cheers. Sergey >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> Hi Sergey, >>>> >>>>>>>>>> >>>> >>>>>>>>>> I tried with MessageContext , MessageContextImpl and >>>> >>>>>>>>>> SecurityContext. >>>> >>>>>>>>>> But >>>> >>>>>>>>>> it >>>> >>>>>>>>>> always return null. >>>> >>>>>>>>>> Do we need anything to be configure in web.xml? >>>> >>>>>>>>>> Regards >>>> >>>>>>>>>> SaravananRamamoorthy >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> Sergey Beryozkin-2 wrote: >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> Please check >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> http://cxf.apache.org/docs/debugging-and-logging.html >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> and see the list of tools you can use to check if the >>>> >>>>>>>>>>> Authorization >>>> >>>>>>>>>>> header >>>> >>>>>>>>>>> is actually available on the wire. I also like TcpTrace : >>>> >>>>>>>>>>> http://www.pocketsoap.com/tcptrace/ >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> Provided this header is present, you can parse it manually >>>> by >>>> >>>>>>>>>>> using >>>> >>>>>>>>>>> JAXRS >>>> >>>>>>>>>>> @HeaderParam. I'm sure there're plenty of Base64 decoding >>>> >>>>>>>>>>> utils around and CXF has the one too >>>> >>>>>>>>>>> (org.apache.cxf.common.util.Base64Utility). >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> Alternatively youy can have a @Context MessageContext >>>> parameter >>>> >>>>>>>>>>> passed >>>> >>>>>>>>>>> in >>>> >>>>>>>>>>> too and then do >>>> >>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName()); >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> Sergey >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> ----- Original Message ----- >>>> >>>>>>>>>>> From: "SaravananRamamoorthy" >>>> <[email protected]> >>>> >>>>>>>>>>> To: <[email protected]> >>>> >>>>>>>>>>> Sent: Wednesday, February 03, 2010 4:29 PM >>>> >>>>>>>>>>> Subject: Re: Http basic authentication in JAX RS >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Hi Sergey, >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Thanks for your suggestions. >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> I am new to apache cxf. >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Is there any direct interface or context availabe to >>>> receive >>>> >>>>>>>>>>>> the >>>> >>>>>>>>>>>> authentication details just like @QueryParam.(for >>>> receiving >>>> >>>>>>>>>>>> query >>>> >>>>>>>>>>>> string). >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> It is enough to print the username and the password in the >>>> >>>>>>>>>>>> console. >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Please provide the solution. >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Regards >>>> >>>>>>>>>>>> Saravanan R >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Sergey Beryozkin-2 wrote: >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> Actually, just looked at the source of >>>> MessageContextImpl, it >>>> >>>>>>>>>>>>> should >>>> >>>>>>>>>>>>> be >>>> >>>>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName()) when >>>> retrieving >>>> >>>>>>>>>>>>> it from MessageContext given that uses toString() on the >>>> >>>>>>>>>>>>> object >>>> >>>>>>>>>>>>> keys. >>>> >>>>>>>>>>>>> Also make sure you're actually seeing an Authorization >>>> header >>>> >>>>>>>>>>>>> on >>>> >>>>>>>>>>>>> the >>>> >>>>>>>>>>>>> wire >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> cheers, Sergey >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> Hi Sergey, >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> I tried with your suggestions like >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> public Response getCredentials(@Context MessageContext >>>> mc) >>>> >>>>>>>>>>>>>> { >>>> >>>>>>>>>>>>>> AuthorizationPolicy policy = >>>> >>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class); >>>> >>>>>>>>>>>>>> System.out.println(policy.getUserName()); >>>> >>>>>>>>>>>>>> ....... >>>> >>>>>>>>>>>>>> ....... >>>> >>>>>>>>>>>>>> When I tried to give the Authentication from SOAP UI, I >>>> got >>>> >>>>>>>>>>>>>> null. >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> Please correct me where I did the mistake. >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> Regards >>>> >>>>>>>>>>>>>> Saravanan R >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> Sergey Beryozkin-2 wrote: >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> Hi >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> The only way at the moment to get AuthorizationPolicy >>>> object >>>> >>>>>>>>>>>>>>> in >>>> >>>>>>>>>>>>>>> the >>>> >>>>>>>>>>>>>>> app >>>> >>>>>>>>>>>>>>> code is to do something like this : >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> @Context MessageContext mc; >>>> >>>>>>>>>>>>>>> .... >>>> >>>>>>>>>>>>>>> AuthorizationPolicy policy = >>>> >>>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class); >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> cheers, Sergey >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> Hi All, >>>> >>>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> I am creating REST application using JAX RS. >>>> >>>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> I am using SOAPUI to test the application. >>>> >>>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> My Rest needs to receive the Http Basic Authentication >>>> from >>>> >>>>>>>>>>>>>>>> the >>>> >>>>>>>>>>>>>>>> SOAPUI. >>>> >>>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> I just want to receive the authentication details like >>>> >>>>>>>>>>>>>>>> username,password and >>>> >>>>>>>>>>>>>>>> domain in JAX RS method. >>>> >>>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>>> Can anyone give the idea how to get the authentication >>>> >>>>>>>>>>>>>>>> details >>>> >>>>>>>>>>>>>>>> in >>>> >>>>>>>>>>>>>>>> the >>>> >>>>>>>>>>>>>>>> parameter of the method. >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> I ended up not needing this, but I experimented with >>>> >>>>>>>>>>>>>>> creating >>>> >>>>>>>>>>>>>>> an >>>> >>>>>>>>>>>>>>> "AuthorizationRequestHandler" class (implements >>>> >>>>>>>>>>>>>>> RequestHandler) >>>> >>>>>>>>>>>>>>> and >>>> >>>>>>>>>>>>>>> putting that in my "jaxrs:providers" list. That >>>> requires a >>>> >>>>>>>>>>>>>>> "handleRequest(Message message, ClassResourceInfo >>>> >>>>>>>>>>>>>>> classResourceInfo)" >>>> >>>>>>>>>>>>>>> method, where I can call "AuthorizationPolicy policy = >>>> >>>>>>>>>>>>>>> message.get(AuthorizationPolicy.class);". The >>>> >>>>>>>>>>>>>>> AuthorizationPolicy >>>> >>>>>>>>>>>>>>> contains the username and password. >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> What is not clear to me, however, is where this object >>>> is >>>> >>>>>>>>>>>>>>> available >>>> >>>>>>>>>>>>>>> somehow at the controller level. >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>>> -- >>>> >>>>>>>>>>>>>> View this message in context: >>>> >>>>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX- >>>> RS-tp27416364p27437539.html >>>> >>>>>>>>>>>>>> Sent from the cxf-user mailing list archive at >>>> Nabble.com. >>>> >>>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> -- >>>> >>>>>>>>>>>> View this message in context: >>>> >>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>> tp27416364p27439212.html >>>> >>>>>>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> -- >>>> >>>>>>>>>> View this message in context: >>>> >>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>> tp27416364p27452426.html >>>> >>>>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >>>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> -- >>>> >>>>>>>> View this message in context: >>>> >>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>> tp27416364p27467082.html >>>> >>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >>>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>> >>>> >>>>>> -- >>>> >>>>>> View this message in context: >>>> >>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>> tp27416364p27468603.html >>>> >>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >>>>>> >>>> >>>>>> >>>> >>>>> >>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> View this message in context: >>>> >>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>> tp27416364p27469191.html >>>> >>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >>>> >>>> >>>> >>>> >>> >>>> >>> >>>> >> >>>> >> -- >>>> >> View this message in context: >>>> >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>> tp27416364p27470023.html >>>> >> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >> >>>> >> >>>> > >>>> > >>>> >>>> -- >>>> View this message in context: http://old.nabble.com/Http-basic- >>>> authentication-in-JAX-RS-tp27416364p27470342.html >>>> Sent from the cxf-user mailing list archive at Nabble.com. >>> >>> >> >> > > -- > View this message in context: > http://old.nabble.com/Http-basic-authentication-in-JAX-RS-tp27416364p27495332.html > Sent from the cxf-user mailing list archive at Nabble.com. > >
