Hi Sergey, 2011/6/14 Sergey Beryozkin <[email protected]>
> Hi > > That interceptor should be more neutral, should' not extend a SOAP > interceptor. > Ok, I have done like JAASLoginInterceptor (extends AbstractPhaseInterceptor<Message> + constructor initialized with super(Phase.UNMARSHAL);) and it works. > The other thing you may want to do is to configure it with a realm > name and if it's not set then > do not add a realm parameter to the response. > Could you explain me more your idea please. > > FYI, CXF ships JAASLoginInterceptor - which will check if Basic (or > other similar HTTP Authorization type was set) > and then will delegate to JAAS to do the actual authentication: > http://cxf.apache.org/docs/security.html#Security-Authentication > > I propose that you create a patch in rt/core, > org.apache.cxf.interceptor.security package, that will make it easier > for me to move the relevant code to a rt/security module > My first idea is to create a WTP sample application with my code (I have created org.apache.cxf.interceptor.security.basic package) and send you with sample which work. After I could create a patch if you need. Regards Angelo > > Thanks, Sergey > > On Tue, Jun 14, 2011 at 7:38 AM, Angelo zerr <[email protected]> > wrote: > > Hi Freeman, > > > > Thank a lot for your answer. I will prepare you a contribution and send > you. > > > > Regards Angelo > > > > 2011/6/14 Freeman Fang <[email protected]> > > > >> Hi, > >> > >> Sure, any contribution is welcome. > >> > >> And in CXF we also can use jetty security handler to enable basic auth > >> which can configure the realm easily, we have a system testcase for > it[1], > >> you may wanna take a look. > >> > >> [1] > >> > https://svn.apache.org/repos/asf/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/JettyBasicAuthTest.java > >> Freeman > >> > >> On 2011-6-13, at 下午11:34, Angelo zerr wrote: > >> > >> Hi CXF Team, > >>> > >>> I would like to manage WebService with HTTP Basic CXF Interceptor and I > >>> have > >>> not found this interceptor in the CXF. So I have used the great code > from > >>> > >>> > http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/and > >>> it works great. > >>> I have noticed that some projects like > >>> > >>> > http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111have > >>> used this code and I tell me why CXF doesn't include the > >>> BasicAuthAuthorizationInterceptor class? > >>> > >>> I have modified BasicAuthAuthorizationInterceptor to delegate > >>> user/password > >>> to another interface implementation and if you wish I could send you my > >>> work > >>> and tell to the author of the BasicAuthAuthorizationInterceptor if he > is > >>> OK > >>> to contribute to CXF. > >>> > >>> Thank a lot for your answer. > >>> > >>> Regards Angelo > >>> > >> > >> --------------------------------------------- > >> Freeman Fang > >> > >> FuseSource > >> Email:[email protected] > >> Web: fusesource.com > >> Twitter: freemanfang > >> Blog: http://freemanfang.blogspot.com > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > >
