Adding some logging listeners to your spring configuration might give you more information about what's going on with your filters.
<bean class="org.springframework.security.event.authentication.LoggerListener" /> <bean class="org.springframework.security.event.authorization.LoggerListener" /> Josh On Mon, Mar 29, 2010 at 6:39 PM, rangeli nepal <[email protected]>wrote: > Thank you Josh, > > My start itself was not good. I built a test jax-rs application which runs > as expected. > > After this step I tried to see if I can enhance it using basic auth or form > auth. In order to do so I did following as described below: > > Added following entries in web.xml as in step 1 and context.xml as in step > 2 > . I was expecting when I will try to access the app basic auth screen will > pop up. > After that I tried to see if I can put some spring filter chain but no > avail. > > > Step 1: > > ...................... > ....................... > <context-param> > <param-name>log4jConfigLocation</param-name> > <param-value>/WEB-INF/classes/log4j.properties</param-value> > </context-param> > > <listener> > > > > <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> > </listener> > > <context-param> > <param-name>contextConfigLocation</param-name> > <param-value>/WEB-INF/security-context.xml</param-value> > </context-param> > > <listener> > > > > <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> > </listener> > <filter> > <filter-name>springSecurityFilterChain</filter-name> > > > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> > </filter> > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > > step 2 > I added following to security-context.xml > > > <jaxrs:server id="myService" address="/"> > <jaxrs:serviceBeans> > <ref bean="serviceImpl" /> > </jaxrs:serviceBeans> > <jaxrs:providers> > <bean > class="org.apache.cxf.systest.jaxrs.security.SecurityExceptionMapper"/> > </jaxrs:providers> > <jaxrs:extensionMappings> > <entry key="xml" value="application/xml" /> > </jaxrs:extensionMappings> > </jaxrs:server> > > <bean id="serviceImpl" class="com.foo.auth.test.ServiceImpl" /> > > > <security:http auto-config='true'> > <security:intercept-url pattern="/**" access="ROLE_USER" /> > <security:intercept-url pattern="/" access="ROLE_USER" /> > </security:http> > > > > <security:authentication-manager alias="foo" > > > <security:authentication-provider> > <security:user-service> > <security:user name="bob" password="bobspassword" > authorities="ROLE_USER" /> > <security:user name="foo" password="bar" authorities="ROLE_USER, > ROLE_ADMIN" /> > </security:user-service> > </security:authentication-provider> > </security:authentication-manager> > > > > > > On Mon, Mar 29, 2010 at 6:12 PM, Josh Holtzman <[email protected] > >wrote: > > > > But no luck. > > > > Can you elaborate? I've got spring security filters configured to > > intercept > > requests destined for CXF-based JAX-RS endpoints. How are you deploying > > your sevices, via web.xml [1]? > > > > [1] http://cwiki.apache.org/CXF20DOC/jax-rs.html#JAX-RS-web.xml > > > > Josh > > > > On Mon, Mar 29, 2010 at 2:55 PM, rangeli nepal <[email protected] > > >wrote: > > > > > Hello Everybody, > > > > > > Currently I am using CXF 2.2.6. > > > > > > I am trying to come up with a solution where I intercept every request. > I > > > like to > > > protect my resources in two phase. Once certificate presented during > > > Client > > > auth (SSL cert.) is verified, I like to proceed with presenting login > > > screen. > > > > > > I was thinking of using spring filters. But no luck. > > > I was wondering if some one has any pointers? > > > > > > Thank you. > > > Santos > > > > > >
