Hi
thanks for the clarification...Actually, I did not suggest to configure the interceptor to check for all the new services which
might be added but rather check for the URI targeted at the AuthService only....
I think one possible option is to add a custom jaxrs:property to all jaxrs:server endpoints such as "restful.endpoint"="true" and
then check for it like this :
if (MessageUtils.isTrue(message.getContextualProperty("restful.endpoint"))) {
...
}
Perhaps it might help ?
cheers, Sergey
----- Original Message -----
From: "JMalkan" <[email protected]>
To: <[email protected]>
Sent: Monday, February 15, 2010 11:38 PM
Subject: RE: How to make WADL requests to pass through Interceptor
Hi,
I am working on a design put together by previous developer. So here is a
bit of context.
The main purpose of this interceptor is to only allow authorized user to
execute services.
1. User invokes AuthService's login operation to establish the session and
receives token
2. User invokes AuthService's login operation to terminate the session
above 2 operations should pass through
3. User invokes any of the services - interceptor needs to call appropriate
logic to validate user token.
4. WADL requests could pass through.
With this see my comments inline.
Jiggy.
Sergey Beryozkin-2 wrote:
Hi
There's no CXF specific solution. Please see more comments inline
Hi Sergey,
Again I greatly appreciate quick response.
That is a potential solution. But still concerned about maintainability as
new services gets configured or existing gets modified.
Is there a way to tell CXF not to invoke interceptor for AuthService and
wadl requests?
S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl
fragment does not fit as a general-enough solution ? Likewise, a custom
AuthService is not something CXF is aware of...what is problematic in
configuring an interceptor with the list of URI which have to be accepted
and check them against say Message.REQUEST_URI ?
J.M This comes with maintenance cost - as we develop more services, we
have to remember to add the service to configure interceptor as well. I
would like relatively mistake free tight solution as you could imagine
sensitivity around security of the system.
If answer to above question is "No" then
Is there a way to access rest configured URIs from the interceptor?
S.B : I can'r recall the code right now but you can get a list of all the
endpoint addresses from a DestinationManager bus extension. However, it
won't give a list of restful endpoints only...
J. M: May be this one will work.
I'm wondering, may be I'm not understanding your question ?
Cheers, Sergey
Jiggy.
Sergey Beryozkin-2 wrote:
Hi
You can have uri values to be matched injected into your custom
interceptor at configuration time if needed...
Cheers, Sergey
-----Original Message-----
From: JMalkan [mailto:[email protected]]
Sent: 15 February 2010 20:32
To: [email protected]
Subject: Re: How to make WADL requests to pass through Interceptor
Hi Sergey,
I appreciate quick response. I have been doing most of what you
suggested.
This is a coding solution requiring knowledge of expacted URIs.
Is there a way to configure this?
Jiggy.
Sergey Beryozkin-2 wrote:
Hi
If you use a CXF interceptor then you can get a Message.QUERY_STRING
value
from a current Message and check if it contains a _wadl
part and if yes then let the request continue...
Likewise given that you use JAXRS, you can get OperationResourceInfo and
the actual method name from a current exchange :
exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
and you also can get the name of the resource class about to be invoked
upon :
exchange.get(ClassResourceInfo.class).getServiceClass().getName()
and if it's AuthService and it's login/logout then let the request to
continue
Hope it helps, Sergey
I am a newbee. I have an interceptor that extends from
AbstractPhaseInterceptor. This has been configured in spring cxf bus as
follows:
<cxf:bus name="cxf-bus">
<cxf:inInterceptors>'
<ref bean="myAuthIntercept"/>
</cxf:inInterceptors>
</cxf:bus>
The interceptors main job is to only allow authenticated user to access
service.
There are couple of exceptions.
1. A WADL request for the published services.
Currently I have a hard coded list of URIs. Not a good solution. I
would
like to know if there is a way either to avoid interceptor invocation on
WADL requests or access REST URIs dynamically?
2. A request made to login/logout operation call made to AuthService.
Is there a way to make exception for this one service? I have many
services configured and would prefer not to configure each service with
in/out/fault interceptions.
Jiggy.
--
View this message in context:
http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
View this message in context:
http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
View this message in context:
http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
View this message in context:
http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27601801.html
Sent from the cxf-user mailing list archive at Nabble.com.
