Could this be implemented by providing a custom "TrustDecider"? I'm going to need to do something similar.
I did find an example of a TrustDecider that uses a CRL or OCSP responder. Perhaps you can use this model. The example is here: http://www.koders.com/java/fid4F11D3469D5DE5A8B762E302874B626FE2CE2729.aspx?s=SelfSignedCert Please let me know if this works for you. Thanks, Duncan >-----Original Message----- >From: Sergey Beryozkin [mailto:[email protected]] >Sent: Thursday, November 25, 2010 8:45 AM >To: [email protected] >Subject: Re: Authentication / Authorization with with http jetty >transport in standalone mode > >Hi Christian > >Unfortunately I don't have an access to the relevant code any more but >awhile back, while working on the JAX-WS TCK passing with a private >jetty-based container, we implemented a custom CXF MessageObserver which >would pass the incoming request via a chain of servlet filters, before >forwarding the request further to the CXF chain. > >I suspect there could be simpler options around, perhaps Spring can be >applied somehow, for example, Josh H has managed to apply spring >security >filters to DOSGI endpoints (with embedded Jetty being used) > >cheers, Sergey > >On Thu, Nov 25, 2010 at 4:25 PM, Schneider Christian < >[email protected]> wrote: > >> Hi Freeman and Sergey, >> >> thanks for your hints already. I am sure one of the approaches will >help me >> for the short run. >> When doing authentication in tomcat I once used a ServletFilter >> (javax.servlet.Filter). Is that also possible in our embedded jetty? >> >> As far as I know we use a ServletHandler in the jetty transport. ( >> http://jetty.codehaus.org/jetty/jetty- >6/apidocs/org/mortbay/jetty/servlet/ServletHandler.html) >> In the API documentation I found that filters are not supported. Is >that >> true? >> >> I think the great thing about Filters is that they work with all >Servlet >> containers so they would be a generic way of implementing >authentication >> completely outside of the cxf codebase. Which would be a good thing in >my >> opinion. >> >> Best regards >> >> Christian >> >> >> >> Christian Schneider >> Informationsverarbeitung >> Business Solutions >> Handel und Dispatching >> >> Tel : +49-(0)721-63-15482 >> >> EnBW Systeme Infrastruktur Support GmbH >> Sitz der Gesellschaft: Karlsruhe >> Handelsregister: Amtsgericht Mannheim HRB 108550 >> Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck >> Geschäftsführer: Jochen Adenau, Hans-Günther Meier >> >> >> -----Ursprüngliche Nachricht----- >> Von: Sergey Beryozkin [mailto:[email protected]] >> Gesendet: Donnerstag, 25. November 2010 14:59 >> An: [email protected] >> Betreff: Re: Authentication / Authorization with with http jetty >transport >> in standalone mode >> >> Hi Christian >> >> You may also want to check this page : >> >> http://docs.codehaus.org/display/JETTY/Realms >> >> I did try what is recommended there when using 'mvn jetty:run' to test >the >> web app I was working with and it worked well - there should be a way >to >> express it all using the CXF Jetty config as well (using a handler >config >> as >> Freeman recommends)... >> >> cheers, Sergey >> >> On Thu, Nov 25, 2010 at 12:51 PM, Schneider Christian < >> [email protected]> wrote: >> >> > Hi all, >> > >> > I already know how to configure security in a servlet environment >but the >> > service uses the built in jetty to open the http port. I have not >yet >> found >> > any information on how to set up authentication / authorization in >this >> > case. >> > >> > In my case basic auth against a static set of usernames / passwords >would >> > be enough for authentication. >> > For authorization a static group would be ok. Ideal would be to get >the >> > group from LDAP. >> > >> > Can I simply do these configs in the jetty instance somehow? >> > >> > Best regards >> > >> > Christian >> > >> > >> > Christian Schneider >> > Informationsverarbeitung >> > Business Solutions >> > Handel und Dispatching >> > >> > Tel : +49-(0)721-63-15482 >> > >> > EnBW Systeme Infrastruktur Support GmbH >> > Sitz der Gesellschaft: Karlsruhe >> > Handelsregister: Amtsgericht Mannheim - HRB 108550 >> > Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck >> > Geschäftsführer: Jochen Adenau, Hans-Günther Meier >> > >> > >> > >> > >>
