Thanks. I followed your suggestion now it works fine.
Sergey Beryozkin-2 wrote:
>
> Hi
>
> thanks for the clarification...Actually, I did not suggest to configure
> the interceptor to check for all the new services which
> might be added but rather check for the URI targeted at the AuthService
> only....
>
> I think one possible option is to add a custom jaxrs:property to all
> jaxrs:server endpoints such as "restful.endpoint"="true" and
> then check for it like this :
>
> if
> (MessageUtils.isTrue(message.getContextualProperty("restful.endpoint"))) {
> ...
> }
>
> Perhaps it might help ?
>
> cheers, Sergey
>
> ----- Original Message -----
> From: "JMalkan" <[email protected]>
> To: <[email protected]>
> Sent: Monday, February 15, 2010 11:38 PM
> Subject: RE: How to make WADL requests to pass through Interceptor
>
>
>
> Hi,
>
> I am working on a design put together by previous developer. So here is a
> bit of context.
> The main purpose of this interceptor is to only allow authorized user to
> execute services.
>
> 1. User invokes AuthService's login operation to establish the session and
> receives token
> 2. User invokes AuthService's login operation to terminate the session
> above 2 operations should pass through
> 3. User invokes any of the services - interceptor needs to call
> appropriate
> logic to validate user token.
> 4. WADL requests could pass through.
>
>
> With this see my comments inline.
>
>
> Jiggy.
>
>
> Sergey Beryozkin-2 wrote:
>>
>> Hi
>>
>> There's no CXF specific solution. Please see more comments inline
>>
>>
>> Hi Sergey,
>>
>> Again I greatly appreciate quick response.
>>
>> That is a potential solution. But still concerned about maintainability
>> as
>> new services gets configured or existing gets modified.
>>
>> Is there a way to tell CXF not to invoke interceptor for AuthService and
>> wadl requests?
>>
>>> S.B I'm not quite seeing why checking a Message.QUERY_STRING for a _wadl
>>> fragment does not fit as a general-enough solution ? Likewise, a custom
>>> AuthService is not something CXF is aware of...what is problematic in
>>> configuring an interceptor with the list of URI which have to be
>>> accepted
>>> and check them against say Message.REQUEST_URI ?
>>
>>> J.M This comes with maintenance cost - as we develop more services, we
>>> have to remember to add the service to configure interceptor as well. I
>>> would like relatively mistake free tight solution as you could imagine
>>> sensitivity around security of the system.
>>
>>
>> If answer to above question is "No" then
>> Is there a way to access rest configured URIs from the interceptor?
>>
>>> S.B : I can'r recall the code right now but you can get a list of all
>>> the
>>> endpoint addresses from a DestinationManager bus extension. However, it
>>> won't give a list of restful endpoints only...
>>
>>> J. M: May be this one will work.
>>
>>
>> I'm wondering, may be I'm not understanding your question ?
>> Cheers, Sergey
>>
>> Jiggy.
>>
>>
>> Sergey Beryozkin-2 wrote:
>>>
>>> Hi
>>>
>>> You can have uri values to be matched injected into your custom
>>> interceptor at configuration time if needed...
>>> Cheers, Sergey
>>>
>>> -----Original Message-----
>>> From: JMalkan [mailto:[email protected]]
>>> Sent: 15 February 2010 20:32
>>> To: [email protected]
>>> Subject: Re: How to make WADL requests to pass through Interceptor
>>>
>>>
>>> Hi Sergey,
>>>
>>> I appreciate quick response. I have been doing most of what you
>>> suggested.
>>> This is a coding solution requiring knowledge of expacted URIs.
>>>
>>> Is there a way to configure this?
>>>
>>>
>>>
>>> Jiggy.
>>>
>>>
>>> Sergey Beryozkin-2 wrote:
>>>>
>>>> Hi
>>>>
>>>> If you use a CXF interceptor then you can get a Message.QUERY_STRING
>>>> value
>>>> from a current Message and check if it contains a _wadl
>>>> part and if yes then let the request continue...
>>>>
>>>> Likewise given that you use JAXRS, you can get OperationResourceInfo
>>>> and
>>>> the actual method name from a current exchange :
>>>>
>>>> exchange.get(OperationResourceInfo.class).getMethodToInvoke().getName()
>>>> and you also can get the name of the resource class about to be invoked
>>>> upon :
>>>>
>>>> exchange.get(ClassResourceInfo.class).getServiceClass().getName()
>>>>
>>>> and if it's AuthService and it's login/logout then let the request to
>>>> continue
>>>>
>>>> Hope it helps, Sergey
>>>>
>>>> I am a newbee. I have an interceptor that extends from
>>>> AbstractPhaseInterceptor. This has been configured in spring cxf bus as
>>>> follows:
>>>>
>>>> <cxf:bus name="cxf-bus">
>>>> <cxf:inInterceptors>'
>>>> <ref bean="myAuthIntercept"/>
>>>> </cxf:inInterceptors>
>>>> </cxf:bus>
>>>>
>>>> The interceptors main job is to only allow authenticated user to access
>>>> service.
>>>> There are couple of exceptions.
>>>> 1. A WADL request for the published services.
>>>> Currently I have a hard coded list of URIs. Not a good solution. I
>>>> would
>>>> like to know if there is a way either to avoid interceptor invocation
>>>> on
>>>> WADL requests or access REST URIs dynamically?
>>>> 2. A request made to login/logout operation call made to AuthService.
>>>> Is there a way to make exception for this one service? I have many
>>>> services configured and would prefer not to configure each service with
>>>> in/out/fault interceptions.
>>>>
>>>>
>>>>
>>>> Jiggy.
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27595561.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599555.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27599801.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>>
>
> --
> View this message in context:
> http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27601801.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
>
--
View this message in context:
http://old.nabble.com/How-to-make-WADL-requests-to-pass-through-Interceptor-tp27595561p27614342.html
Sent from the cxf-user mailing list archive at Nabble.com.
