Hi Christian , Thank a lot for your information. In my case I'm using Tomcat and WebSphere but Authentification must be delegate to our own security manager. That's why I need to manage basic autnetification. I don't use Spring to publish my webservice (just with Java code with Endpoint#publish).
Regards Angelo 2011/6/14 Christian Schneider <[email protected]> > Hi Angelo, > > do you run your service in Tomcat or standalone? If you run in tomcat or > any similar servlet container you can setup authnentication and > authorization using the container. Then CXF > will fetch the authenticated principal which you can use in CXF. For > example you can combine this with spring security to do role based > authentication on method level. If you only need authentication based on the > url of the endpoint then the features of the container are often even > enough. > > So for many use cases you donĀ“t need a special interceptor. > > We have an example how to secure a cxf service using camel and spring > security in the Talend Integration Factory examples: > https://github.com/Talend/tif/tree/master/examples/spring-security > > Like said this example also includes camel so it is not exactly what you > want but I think it can be adapted to use cxf only. The main thing is simply > to make sure the spring security authentication is done and to wire in the > processing of jsr 250 annotations. > > This does the spring authentication: > > <filter> > <filter-name>springSecurityFilterChain</filter-name> > > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> > </filter> > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > > > This enables annotation processing by spring: > > <global-method-security jsr250-annotations="enabled" xmlns=" > http://www.springframework.org/schema/security"/> > > > > Best regards > > Christian > > > Am 13.06.2011 17:34, schrieb Angelo zerr: > > Hi CXF Team, >> >> I would like to manage WebService with HTTP Basic CXF Interceptor and I >> have >> not found this interceptor in the CXF. So I have used the great code from >> >> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/and >> it works great. >> I have noticed that some projects like >> >> http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111have >> used this code and I tell me why CXF doesn't include the >> BasicAuthAuthorizationInterceptor class? >> >> I have modified BasicAuthAuthorizationInterceptor to delegate >> user/password >> to another interface implementation and if you wish I could send you my >> work >> and tell to the author of the BasicAuthAuthorizationInterceptor if he is >> OK >> to contribute to CXF. >> >> Thank a lot for your answer. >> >> Regards Angelo >> >> > > -- > -- > Christian Schneider > http://www.liquid-reality.de > > Open Source Architect > Talend Application Integration Division http://www.talend.com > >
