Hi Andreas, Thanks for your information.
Regards Saravanan R Andreas Veithen-2 wrote: > > For basic authentication, only the 401 response from the server > contains a realm (as part of the WWW-Authenticate header). On the > other hand, an authenticated request only contains the username and > password, but no realm. > > Andreas > > On Mon, Feb 8, 2010 at 06:02, SaravananRamamoorthy > <[email protected]> wrote: >> >> Hi Andreas, >> >> Thanks for your suggestions and continous support. >> >> In SoapUI,I was not enable the authentication information to outgoing >> request in the SOAPUI preferences. >> We need to explicitly enable the checkbox, I go through the SOAPUI entire >> documentation and found the solution. >> >> Now I can able to retrieve username and password. >> >> Please suggest me how to retrieve the domain(realm) using JAX RS. >> >> Thank you once again. >> >> Regards >> Saravanan R >> >> >> >> >> >> Andreas Veithen-2 wrote: >>> >>> On Fri, Feb 5, 2010 at 17:52, KARR, DAVID (ATTSI) <[email protected]> >>> wrote: >>>>> -----Original Message----- >>>>> From: SaravananRamamoorthy [mailto:[email protected]] >>>>> Sent: Friday, February 05, 2010 8:31 AM >>>>> To: [email protected] >>>>> Subject: Re: Http basic authentication in JAX RS >>>>> >>>>> >>>>> Hi Andreas, >>>>> >>>>> Thanks for your information. >>>>> I will try to figure out what I made mistake in SOAP UI. >>>>> Thanks for your help. >>>> >>>> Unless I'm missing something, there is no "mistake" in SoapUI, at least >>>> with respect to this. I've tried to tell you several times that if you >>>> don’t specify security constraints in your web.xml, then your >>>> application >>>> will ignore security, and it will not process the Authorization header. >>> >>> If you replace "application" by "container", then this is true. Hence >>> my question on the other thread about the place where he wants >>> authentication to be performed (by the container, by CXF or by the >>> JAX-RS service). >>> >>>>> Andreas Veithen-2 wrote: >>>>> > >>>>> > As you can see, SOAPUI doesn't send any Authorization header. Thus, >>>>> > this is not a problem with CXF, but SOAPUI (unless SOAPUI only sends >>>>> > the Authorization header after getting a 401/403 status code). >>>>> > >>>>> > Andreas >>>>> > >>>>> > On Fri, Feb 5, 2010 at 17:14, SaravananRamamoorthy >>>>> > <[email protected]> wrote: >>>>> >> >>>>> >> Hi Andread, >>>>> >> >>>>> >> Please find the attachment.When the values are send through >>>>> Header(s) >>>>> >> tab, I >>>>> >> can able to retrieve the information using HeaderParam. >>>>> >> >>>>> >> Regards >>>>> >> SaravananRamamoorthy >>>>> http://old.nabble.com/file/p27470023/SOAP_UI.zip >>>>> >> SOAP_UI.zip >>>>> >> >>>>> >> >>>>> >> >>>>> >> Andreas Veithen-2 wrote: >>>>> >>> >>>>> >>> In SOAPUI, after sending the request, you can switch to the "Raw" >>>>> tab >>>>> >>> in order to see the request (including headers) that SOAPUI has >>>>> sent. >>>>> >>> Can you show us this information? >>>>> >>> >>>>> >>> Andreas >>>>> >>> >>>>> >>> On Fri, Feb 5, 2010 at 16:13, SaravananRamamoorthy >>>>> >>> <[email protected]> wrote: >>>>> >>>> >>>>> >>>> Hi Andreas , >>>>> >>>> >>>>> >>>> I can able to get the values, when I send the information through >>>>> >>>> header.It >>>>> >>>> works fine. >>>>> >>>> But when I send the credentials using Authentication part,I >>>>> cannot >>>>> able >>>>> >>>> to >>>>> >>>> retrieve. >>>>> >>>> >>>>> >>>> Regards >>>>> >>>> SaravananRamamoorthy >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> Andreas Veithen-2 wrote: >>>>> >>>>> >>>>> >>>>> What Sergey actually wants you to do is to check if that >>>>> information >>>>> >>>>> reaches the JAX-RS service, i.e. to try retrieving this >>>>> information >>>>> >>>>> using a method parameter annotated with >>>>> @HeaderParam("Authorization"). >>>>> >>>>> >>>>> >>>>> Andreas >>>>> >>>>> >>>>> >>>>> On Fri, Feb 5, 2010 at 15:36, SaravananRamamoorthy >>>>> >>>>> <[email protected]> wrote: >>>>> >>>>>> >>>>> >>>>>> Hi Sergey, >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> Thanks for your continuous help. >>>>> >>>>>> I can able to get the value when the values are given in the >>>>> header >>>>> >>>>>> part. >>>>> >>>>>> What is the case if the credentials are given in Authentication >>>>> part. >>>>> >>>>>> I have attached the screenshot for giving the credentials in >>>>> aut >>>>> >>>>>> part. >>>>> >>>>>> In this case how can I retrieve the details. >>>>> >>>>>> http://old.nabble.com/file/p27468603/authentication.PNG >>>>> >>>>>> authentication.PNG >>>>> >>>>>> >>>>> >>>>>> Regards >>>>> >>>>>> SaravananRamamoorthy >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> Sergey Beryozkin-2 wrote: >>>>> >>>>>>> >>>>> >>>>>>> Can you post the value of this header please ? >>>>> >>>>>>> cheers, Sergey >>>>> >>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> Hi Sergey, >>>>> >>>>>>>> >>>>> >>>>>>>> Yes. The authorization header is sent by the client. I have >>>>> used >>>>> >>>>>>>> SOAPUI >>>>> >>>>>>>> for >>>>> >>>>>>>> this. >>>>> >>>>>>>> >>>>> >>>>>>>> Regards >>>>> >>>>>>>> SaravananRamamoorthy >>>>> >>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> Sergey Beryozkin-2 wrote: >>>>> >>>>>>>>> >>>>> >>>>>>>>> I've already asked twice : is Authorization header actually >>>>> being >>>>> >>>>>>>>> sent >>>>> >>>>>>>>> by >>>>> >>>>>>>>> a client ? >>>>> >>>>>>>>> Can you tell me please if it is the case or not ? Try adding >>>>> a >>>>> >>>>>>>>> JAXRS >>>>> >>>>>>>>> >>>>> >>>>>>>>> @HeaderParam("Authorization") String value >>>>> >>>>>>>>> >>>>> >>>>>>>>> to your jaxrs resource method and print the resulting value. >>>>> >>>>>>>>> >>>>> >>>>>>>>> cheers. Sergey >>>>> >>>>>>>>> >>>>> >>>>>>>>> >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> Hi Sergey, >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> I tried with MessageContext , MessageContextImpl and >>>>> >>>>>>>>>> SecurityContext. >>>>> >>>>>>>>>> But >>>>> >>>>>>>>>> it >>>>> >>>>>>>>>> always return null. >>>>> >>>>>>>>>> Do we need anything to be configure in web.xml? >>>>> >>>>>>>>>> Regards >>>>> >>>>>>>>>> SaravananRamamoorthy >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> Sergey Beryozkin-2 wrote: >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> Please check >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> http://cxf.apache.org/docs/debugging-and-logging.html >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> and see the list of tools you can use to check if the >>>>> >>>>>>>>>>> Authorization >>>>> >>>>>>>>>>> header >>>>> >>>>>>>>>>> is actually available on the wire. I also like TcpTrace : >>>>> >>>>>>>>>>> http://www.pocketsoap.com/tcptrace/ >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> Provided this header is present, you can parse it manually >>>>> by >>>>> >>>>>>>>>>> using >>>>> >>>>>>>>>>> JAXRS >>>>> >>>>>>>>>>> @HeaderParam. I'm sure there're plenty of Base64 decoding >>>>> >>>>>>>>>>> utils around and CXF has the one too >>>>> >>>>>>>>>>> (org.apache.cxf.common.util.Base64Utility). >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> Alternatively youy can have a @Context MessageContext >>>>> parameter >>>>> >>>>>>>>>>> passed >>>>> >>>>>>>>>>> in >>>>> >>>>>>>>>>> too and then do >>>>> >>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName()); >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> Sergey >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> ----- Original Message ----- >>>>> >>>>>>>>>>> From: "SaravananRamamoorthy" >>>>> <[email protected]> >>>>> >>>>>>>>>>> To: <[email protected]> >>>>> >>>>>>>>>>> Sent: Wednesday, February 03, 2010 4:29 PM >>>>> >>>>>>>>>>> Subject: Re: Http basic authentication in JAX RS >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> Hi Sergey, >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> Thanks for your suggestions. >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> I am new to apache cxf. >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> Is there any direct interface or context availabe to >>>>> receive >>>>> >>>>>>>>>>>> the >>>>> >>>>>>>>>>>> authentication details just like @QueryParam.(for >>>>> receiving >>>>> >>>>>>>>>>>> query >>>>> >>>>>>>>>>>> string). >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> It is enough to print the username and the password in >>>>> the >>>>> >>>>>>>>>>>> console. >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> Please provide the solution. >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> Regards >>>>> >>>>>>>>>>>> Saravanan R >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> Sergey Beryozkin-2 wrote: >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> Actually, just looked at the source of >>>>> MessageContextImpl, it >>>>> >>>>>>>>>>>>> should >>>>> >>>>>>>>>>>>> be >>>>> >>>>>>>>>>>>> mc.get(AuthorizationPolicy.class.getName()) when >>>>> retrieving >>>>> >>>>>>>>>>>>> it from MessageContext given that uses toString() on the >>>>> >>>>>>>>>>>>> object >>>>> >>>>>>>>>>>>> keys. >>>>> >>>>>>>>>>>>> Also make sure you're actually seeing an Authorization >>>>> header >>>>> >>>>>>>>>>>>> on >>>>> >>>>>>>>>>>>> the >>>>> >>>>>>>>>>>>> wire >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> cheers, Sergey >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> Hi Sergey, >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> I tried with your suggestions like >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> public Response getCredentials(@Context MessageContext >>>>> mc) >>>>> >>>>>>>>>>>>>> { >>>>> >>>>>>>>>>>>>> AuthorizationPolicy policy = >>>>> >>>>>>>>>>>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class); >>>>> >>>>>>>>>>>>>> >>>>> System.out.println(policy.getUserName()); >>>>> >>>>>>>>>>>>>> ....... >>>>> >>>>>>>>>>>>>> ....... >>>>> >>>>>>>>>>>>>> When I tried to give the Authentication from SOAP UI, I >>>>> got >>>>> >>>>>>>>>>>>>> null. >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> Please correct me where I did the mistake. >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> Regards >>>>> >>>>>>>>>>>>>> Saravanan R >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> Sergey Beryozkin-2 wrote: >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> Hi >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> The only way at the moment to get AuthorizationPolicy >>>>> object >>>>> >>>>>>>>>>>>>>> in >>>>> >>>>>>>>>>>>>>> the >>>>> >>>>>>>>>>>>>>> app >>>>> >>>>>>>>>>>>>>> code is to do something like this : >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> @Context MessageContext mc; >>>>> >>>>>>>>>>>>>>> .... >>>>> >>>>>>>>>>>>>>> AuthorizationPolicy policy = >>>>> >>>>>>>>>>>>>>> >>>>> (AuthorizationPolicy)mc.get(AuthorizationPolicy.class); >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> cheers, Sergey >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> Hi All, >>>>> >>>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> I am creating REST application using JAX RS. >>>>> >>>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> I am using SOAPUI to test the application. >>>>> >>>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> My Rest needs to receive the Http Basic >>>>> Authentication >>>>> from >>>>> >>>>>>>>>>>>>>>> the >>>>> >>>>>>>>>>>>>>>> SOAPUI. >>>>> >>>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> I just want to receive the authentication details >>>>> like >>>>> >>>>>>>>>>>>>>>> username,password and >>>>> >>>>>>>>>>>>>>>> domain in JAX RS method. >>>>> >>>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>>> Can anyone give the idea how to get the >>>>> authentication >>>>> >>>>>>>>>>>>>>>> details >>>>> >>>>>>>>>>>>>>>> in >>>>> >>>>>>>>>>>>>>>> the >>>>> >>>>>>>>>>>>>>>> parameter of the method. >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> I ended up not needing this, but I experimented with >>>>> >>>>>>>>>>>>>>> creating >>>>> >>>>>>>>>>>>>>> an >>>>> >>>>>>>>>>>>>>> "AuthorizationRequestHandler" class (implements >>>>> >>>>>>>>>>>>>>> RequestHandler) >>>>> >>>>>>>>>>>>>>> and >>>>> >>>>>>>>>>>>>>> putting that in my "jaxrs:providers" list. That >>>>> requires a >>>>> >>>>>>>>>>>>>>> "handleRequest(Message message, ClassResourceInfo >>>>> >>>>>>>>>>>>>>> classResourceInfo)" >>>>> >>>>>>>>>>>>>>> method, where I can call "AuthorizationPolicy policy >>>>> = >>>>> >>>>>>>>>>>>>>> message.get(AuthorizationPolicy.class);". The >>>>> >>>>>>>>>>>>>>> AuthorizationPolicy >>>>> >>>>>>>>>>>>>>> contains the username and password. >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> What is not clear to me, however, is where this object >>>>> is >>>>> >>>>>>>>>>>>>>> available >>>>> >>>>>>>>>>>>>>> somehow at the controller level. >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>>> -- >>>>> >>>>>>>>>>>>>> View this message in context: >>>>> >>>>>>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX- >>>>> RS-tp27416364p27437539.html >>>>> >>>>>>>>>>>>>> Sent from the cxf-user mailing list archive at >>>>> Nabble.com. >>>>> >>>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> -- >>>>> >>>>>>>>>>>> View this message in context: >>>>> >>>>>>>>>>>> >>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>>> tp27416364p27439212.html >>>>> >>>>>>>>>>>> Sent from the cxf-user mailing list archive at >>>>> Nabble.com. >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> -- >>>>> >>>>>>>>>> View this message in context: >>>>> >>>>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>>> tp27416364p27452426.html >>>>> >>>>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>>> >>>>>>>>>> >>>>> >>>>>>>>> >>>>> >>>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> -- >>>>> >>>>>>>> View this message in context: >>>>> >>>>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>>> tp27416364p27467082.html >>>>> >>>>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>>> >>>>>>>> >>>>> >>>>>>> >>>>> >>>>>>> >>>>> >>>>>> >>>>> >>>>>> -- >>>>> >>>>>> View this message in context: >>>>> >>>>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>>> tp27416364p27468603.html >>>>> >>>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>>> >>>> -- >>>>> >>>> View this message in context: >>>>> >>>> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>>> tp27416364p27469191.html >>>>> >>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>>> >>>> >>>>> >>>> >>>>> >>> >>>>> >>> >>>>> >> >>>>> >> -- >>>>> >> View this message in context: >>>>> >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS- >>>>> tp27416364p27470023.html >>>>> >> Sent from the cxf-user mailing list archive at Nabble.com. >>>>> >> >>>>> >> >>>>> > >>>>> > >>>>> >>>>> -- >>>>> View this message in context: http://old.nabble.com/Http-basic- >>>>> authentication-in-JAX-RS-tp27416364p27470342.html >>>>> Sent from the cxf-user mailing list archive at Nabble.com. >>>> >>>> >>> >>> >> >> -- >> View this message in context: >> http://old.nabble.com/Http-basic-authentication-in-JAX-RS-tp27416364p27495332.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://old.nabble.com/Http-basic-authentication-in-JAX-RS-tp27416364p27497613.html Sent from the cxf-user mailing list archive at Nabble.com.
