Thank you Josh,
My start itself was not good. I built a test jax-rs application which runs
as expected.
After this step I tried to see if I can enhance it using basic auth or form
auth. In order to do so I did following as described below:
Added following entries in web.xml as in step 1 and context.xml as in step 2
. I was expecting when I will try to access the app basic auth screen will
pop up.
After that I tried to see if I can put some spring filter chain but no
avail.
Step 1:
......................
.......................
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
step 2
I added following to security-context.xml
<jaxrs:server id="myService" address="/">
<jaxrs:serviceBeans>
<ref bean="serviceImpl" />
</jaxrs:serviceBeans>
<jaxrs:providers>
<bean
class="org.apache.cxf.systest.jaxrs.security.SecurityExceptionMapper"/>
</jaxrs:providers>
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
</jaxrs:extensionMappings>
</jaxrs:server>
<bean id="serviceImpl" class="com.foo.auth.test.ServiceImpl" />
<security:http auto-config='true'>
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:intercept-url pattern="/" access="ROLE_USER" />
</security:http>
<security:authentication-manager alias="foo" >
<security:authentication-provider>
<security:user-service>
<security:user name="bob" password="bobspassword"
authorities="ROLE_USER" />
<security:user name="foo" password="bar" authorities="ROLE_USER,
ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
On Mon, Mar 29, 2010 at 6:12 PM, Josh Holtzman <[email protected]>wrote:
> > But no luck.
>
> Can you elaborate? I've got spring security filters configured to
> intercept
> requests destined for CXF-based JAX-RS endpoints. How are you deploying
> your sevices, via web.xml [1]?
>
> [1] http://cwiki.apache.org/CXF20DOC/jax-rs.html#JAX-RS-web.xml
>
> Josh
>
> On Mon, Mar 29, 2010 at 2:55 PM, rangeli nepal <[email protected]
> >wrote:
>
> > Hello Everybody,
> >
> > Currently I am using CXF 2.2.6.
> >
> > I am trying to come up with a solution where I intercept every request. I
> > like to
> > protect my resources in two phase. Once certificate presented during
> > Client
> > auth (SSL cert.) is verified, I like to proceed with presenting login
> > screen.
> >
> > I was thinking of using spring filters. But no luck.
> > I was wondering if some one has any pointers?
> >
> > Thank you.
> > Santos
> >
>
