Hi Christian Unfortunately I don't have an access to the relevant code any more but awhile back, while working on the JAX-WS TCK passing with a private jetty-based container, we implemented a custom CXF MessageObserver which would pass the incoming request via a chain of servlet filters, before forwarding the request further to the CXF chain.
I suspect there could be simpler options around, perhaps Spring can be applied somehow, for example, Josh H has managed to apply spring security filters to DOSGI endpoints (with embedded Jetty being used) cheers, Sergey On Thu, Nov 25, 2010 at 4:25 PM, Schneider Christian < [email protected]> wrote: > Hi Freeman and Sergey, > > thanks for your hints already. I am sure one of the approaches will help me > for the short run. > When doing authentication in tomcat I once used a ServletFilter > (javax.servlet.Filter). Is that also possible in our embedded jetty? > > As far as I know we use a ServletHandler in the jetty transport. ( > http://jetty.codehaus.org/jetty/jetty-6/apidocs/org/mortbay/jetty/servlet/ServletHandler.html) > In the API documentation I found that filters are not supported. Is that > true? > > I think the great thing about Filters is that they work with all Servlet > containers so they would be a generic way of implementing authentication > completely outside of the cxf codebase. Which would be a good thing in my > opinion. > > Best regards > > Christian > > > > Christian Schneider > Informationsverarbeitung > Business Solutions > Handel und Dispatching > > Tel : +49-(0)721-63-15482 > > EnBW Systeme Infrastruktur Support GmbH > Sitz der Gesellschaft: Karlsruhe > Handelsregister: Amtsgericht Mannheim HRB 108550 > Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck > Geschäftsführer: Jochen Adenau, Hans-Günther Meier > > > -----Ursprüngliche Nachricht----- > Von: Sergey Beryozkin [mailto:[email protected]] > Gesendet: Donnerstag, 25. November 2010 14:59 > An: [email protected] > Betreff: Re: Authentication / Authorization with with http jetty transport > in standalone mode > > Hi Christian > > You may also want to check this page : > > http://docs.codehaus.org/display/JETTY/Realms > > I did try what is recommended there when using 'mvn jetty:run' to test the > web app I was working with and it worked well - there should be a way to > express it all using the CXF Jetty config as well (using a handler config > as > Freeman recommends)... > > cheers, Sergey > > On Thu, Nov 25, 2010 at 12:51 PM, Schneider Christian < > [email protected]> wrote: > > > Hi all, > > > > I already know how to configure security in a servlet environment but the > > service uses the built in jetty to open the http port. I have not yet > found > > any information on how to set up authentication / authorization in this > > case. > > > > In my case basic auth against a static set of usernames / passwords would > > be enough for authentication. > > For authorization a static group would be ok. Ideal would be to get the > > group from LDAP. > > > > Can I simply do these configs in the jetty instance somehow? > > > > Best regards > > > > Christian > > > > > > Christian Schneider > > Informationsverarbeitung > > Business Solutions > > Handel und Dispatching > > > > Tel : +49-(0)721-63-15482 > > > > EnBW Systeme Infrastruktur Support GmbH > > Sitz der Gesellschaft: Karlsruhe > > Handelsregister: Amtsgericht Mannheim - HRB 108550 > > Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck > > Geschäftsführer: Jochen Adenau, Hans-Günther Meier > > > > > > > > >
