Ok I believe understand your idea about realm. I have added a setter in my
Interceptor :
AbstractBasicAuthAuthorizationInterceptor#setRealName(String realName) which
compute WWW-Authenticate.
Ex : AbstractBasicAuthAuthorizationInterceptor#setRealName("MyRealm") will
returns
WWW-Authenticate: Basic realm="MyRealm"
If no realm defined, WWW-Authenticate is not returned. Is that your idea?
WWW-Authenticate is not required? Do you think we should set a default value
for Realm?
Regards Angelo
2011/6/14 Angelo zerr <[email protected]>
> Hi Sergey,
>
> 2011/6/14 Sergey Beryozkin <[email protected]>
>
>> Hi
>>
>> That interceptor should be more neutral, should' not extend a SOAP
>> interceptor.
>>
>
> Ok, I have done like JAASLoginInterceptor (extends
> AbstractPhaseInterceptor<Message> + constructor initialized with
> super(Phase.UNMARSHAL);) and it works.
>
>
>> The other thing you may want to do is to configure it with a realm
>> name and if it's not set then
>> do not add a realm parameter to the response.
>>
>
> Could you explain me more your idea please.
>
>
>>
>> FYI, CXF ships JAASLoginInterceptor - which will check if Basic (or
>> other similar HTTP Authorization type was set)
>> and then will delegate to JAAS to do the actual authentication:
>> http://cxf.apache.org/docs/security.html#Security-Authentication
>>
>> I propose that you create a patch in rt/core,
>> org.apache.cxf.interceptor.security package, that will make it easier
>> for me to move the relevant code to a rt/security module
>>
>
> My first idea is to create a WTP sample application with my code (I have
> created org.apache.cxf.interceptor.security.basic package) and send you with
> sample which work.
> After I could create a patch if you need.
>
> Regards Angelo
>
>>
>> Thanks, Sergey
>>
>> On Tue, Jun 14, 2011 at 7:38 AM, Angelo zerr <[email protected]>
>> wrote:
>> > Hi Freeman,
>> >
>> > Thank a lot for your answer. I will prepare you a contribution and send
>> you.
>> >
>> > Regards Angelo
>> >
>> > 2011/6/14 Freeman Fang <[email protected]>
>> >
>> >> Hi,
>> >>
>> >> Sure, any contribution is welcome.
>> >>
>> >> And in CXF we also can use jetty security handler to enable basic auth
>> >> which can configure the realm easily, we have a system testcase for
>> it[1],
>> >> you may wanna take a look.
>> >>
>> >> [1]
>> >>
>> https://svn.apache.org/repos/asf/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/JettyBasicAuthTest.java
>> >> Freeman
>> >>
>> >> On 2011-6-13, at 下午11:34, Angelo zerr wrote:
>> >>
>> >> Hi CXF Team,
>> >>>
>> >>> I would like to manage WebService with HTTP Basic CXF Interceptor and
>> I
>> >>> have
>> >>> not found this interceptor in the CXF. So I have used the great code
>> from
>> >>>
>> >>>
>> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/and
>> >>> it works great.
>> >>> I have noticed that some projects like
>> >>>
>> >>>
>> http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111have
>> >>> used this code and I tell me why CXF doesn't include the
>> >>> BasicAuthAuthorizationInterceptor class?
>> >>>
>> >>> I have modified BasicAuthAuthorizationInterceptor to delegate
>> >>> user/password
>> >>> to another interface implementation and if you wish I could send you
>> my
>> >>> work
>> >>> and tell to the author of the BasicAuthAuthorizationInterceptor if he
>> is
>> >>> OK
>> >>> to contribute to CXF.
>> >>>
>> >>> Thank a lot for your answer.
>> >>>
>> >>> Regards Angelo
>> >>>
>> >>
>> >> ---------------------------------------------
>> >> Freeman Fang
>> >>
>> >> FuseSource
>> >> Email:[email protected]
>> >> Web: fusesource.com
>> >> Twitter: freemanfang
>> >> Blog: http://freemanfang.blogspot.com
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >
>>
>
>
