Hi Freeman and Sergey, thanks for your hints already. I am sure one of the approaches will help me for the short run. When doing authentication in tomcat I once used a ServletFilter (javax.servlet.Filter). Is that also possible in our embedded jetty?
As far as I know we use a ServletHandler in the jetty transport. (http://jetty.codehaus.org/jetty/jetty-6/apidocs/org/mortbay/jetty/servlet/ServletHandler.html) In the API documentation I found that filters are not supported. Is that true? I think the great thing about Filters is that they work with all Servlet containers so they would be a generic way of implementing authentication completely outside of the cxf codebase. Which would be a good thing in my opinion. Best regards Christian Christian Schneider Informationsverarbeitung Business Solutions Handel und Dispatching Tel : +49-(0)721-63-15482 EnBW Systeme Infrastruktur Support GmbH Sitz der Gesellschaft: Karlsruhe Handelsregister: Amtsgericht Mannheim HRB 108550 Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck Geschäftsführer: Jochen Adenau, Hans-Günther Meier -----Ursprüngliche Nachricht----- Von: Sergey Beryozkin [mailto:[email protected]] Gesendet: Donnerstag, 25. November 2010 14:59 An: [email protected] Betreff: Re: Authentication / Authorization with with http jetty transport in standalone mode Hi Christian You may also want to check this page : http://docs.codehaus.org/display/JETTY/Realms I did try what is recommended there when using 'mvn jetty:run' to test the web app I was working with and it worked well - there should be a way to express it all using the CXF Jetty config as well (using a handler config as Freeman recommends)... cheers, Sergey On Thu, Nov 25, 2010 at 12:51 PM, Schneider Christian < [email protected]> wrote: > Hi all, > > I already know how to configure security in a servlet environment but the > service uses the built in jetty to open the http port. I have not yet found > any information on how to set up authentication / authorization in this > case. > > In my case basic auth against a static set of usernames / passwords would > be enough for authentication. > For authorization a static group would be ok. Ideal would be to get the > group from LDAP. > > Can I simply do these configs in the jetty instance somehow? > > Best regards > > Christian > > > Christian Schneider > Informationsverarbeitung > Business Solutions > Handel und Dispatching > > Tel : +49-(0)721-63-15482 > > EnBW Systeme Infrastruktur Support GmbH > Sitz der Gesellschaft: Karlsruhe > Handelsregister: Amtsgericht Mannheim - HRB 108550 > Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck > Geschäftsführer: Jochen Adenau, Hans-Günther Meier > > > >
