Hi,
To enable server side HTTP Basic Auth, we need an interceptor to do
it, the basic idea is extract AuthorizationPolicy from the incoming
message and compare the username/password, but it's not so
complicated, here is a good article[1] to show how to do it.
Or another way to configure server side basic auth could be configure
the jetty instance to handle the authentication, as Jetty has a
"SecurityHandler" that can be configured into the handlers via CXF
config.
Hope this helps.
[1]http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
Freeman
On 2010-11-25, at 下午8:51, Schneider Christian wrote:
Hi all,
I already know how to configure security in a servlet environment
but the service uses the built in jetty to open the http port. I
have not yet found any information on how to set up authentication /
authorization in this case.
In my case basic auth against a static set of usernames / passwords
would be enough for authentication.
For authorization a static group would be ok. Ideal would be to get
the group from LDAP.
Can I simply do these configs in the jetty instance somehow?
Best regards
Christian
Christian Schneider
Informationsverarbeitung
Business Solutions
Handel und Dispatching
Tel : +49-(0)721-63-15482
EnBW Systeme Infrastruktur Support GmbH
Sitz der Gesellschaft: Karlsruhe
Handelsregister: Amtsgericht Mannheim ‑ HRB 108550
Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck
Geschäftsführer: Jochen Adenau, Hans-Günther Meier
--
Freeman Fang
------------------------
FuseSource: http://fusesource.com
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org
