The current http-jetty transport subclasses the AbstractHandler stuff directly and doesn't really implement any of the Servlet things. I kind of keep thinking that it would be good to re-write it to leverage the Servlet transport and then use the Jetty ServletHandler (and thus the filters can be configured in), but nothing that's been a high enough priority to really pursue it.
Dan On Thursday 25 November 2010 11:25:44 am Schneider Christian wrote: > Hi Freeman and Sergey, > > thanks for your hints already. I am sure one of the approaches will help me > for the short run. When doing authentication in tomcat I once used a > ServletFilter (javax.servlet.Filter). Is that also possible in our > embedded jetty? > > As far as I know we use a ServletHandler in the jetty transport. > (http://jetty.codehaus.org/jetty/jetty-6/apidocs/org/mortbay/jetty/servlet > /ServletHandler.html) In the API documentation I found that filters are not > supported. Is that true? > > I think the great thing about Filters is that they work with all Servlet > containers so they would be a generic way of implementing authentication > completely outside of the cxf codebase. Which would be a good thing in my > opinion. > > Best regards > > Christian > > > > Christian Schneider > Informationsverarbeitung > Business Solutions > Handel und Dispatching > > Tel : +49-(0)721-63-15482 > > EnBW Systeme Infrastruktur Support GmbH > Sitz der Gesellschaft: Karlsruhe > Handelsregister: Amtsgericht Mannheim HRB 108550 > Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck > Geschäftsführer: Jochen Adenau, Hans-Günther Meier > > > -----Ursprüngliche Nachricht----- > Von: Sergey Beryozkin [mailto:[email protected]] > Gesendet: Donnerstag, 25. November 2010 14:59 > An: [email protected] > Betreff: Re: Authentication / Authorization with with http jetty transport > in standalone mode > > Hi Christian > > You may also want to check this page : > > http://docs.codehaus.org/display/JETTY/Realms > > I did try what is recommended there when using 'mvn jetty:run' to test the > web app I was working with and it worked well - there should be a way to > express it all using the CXF Jetty config as well (using a handler config > as Freeman recommends)... > > cheers, Sergey > > On Thu, Nov 25, 2010 at 12:51 PM, Schneider Christian < > > [email protected]> wrote: > > Hi all, > > > > I already know how to configure security in a servlet environment but the > > service uses the built in jetty to open the http port. I have not yet > > found any information on how to set up authentication / authorization in > > this case. > > > > In my case basic auth against a static set of usernames / passwords would > > be enough for authentication. > > For authorization a static group would be ok. Ideal would be to get the > > group from LDAP. > > > > Can I simply do these configs in the jetty instance somehow? > > > > Best regards > > > > Christian > > > > > > Christian Schneider > > Informationsverarbeitung > > Business Solutions > > Handel und Dispatching > > > > Tel : +49-(0)721-63-15482 > > > > EnBW Systeme Infrastruktur Support GmbH > > Sitz der Gesellschaft: Karlsruhe > > Handelsregister: Amtsgericht Mannheim - HRB 108550 > > Vorsitzender des Aufsichtsrats: Dr. Bernhard Beck > > Geschäftsführer: Jochen Adenau, Hans-Günther Meier -- Daniel Kulp [email protected] http://dankulp.com/blog
