Hi Angelo, sorry for a delay, yes, that what I meant Cheers, Sergey
On Tue, Jun 14, 2011 at 10:54 AM, Angelo zerr <[email protected]> wrote: > Ok I believe understand your idea about realm. I have added a setter in my > Interceptor : > > AbstractBasicAuthAuthorizationInterceptor#setRealName(String realName) which > compute WWW-Authenticate. > Ex : AbstractBasicAuthAuthorizationInterceptor#setRealName("MyRealm") will > returns > > WWW-Authenticate: Basic realm="MyRealm" > > If no realm defined, WWW-Authenticate is not returned. Is that your idea? > WWW-Authenticate is not required? Do you think we should set a default value > for Realm? > > Regards Angelo > > 2011/6/14 Angelo zerr <[email protected]> > >> Hi Sergey, >> >> 2011/6/14 Sergey Beryozkin <[email protected]> >> >>> Hi >>> >>> That interceptor should be more neutral, should' not extend a SOAP >>> interceptor. >>> >> >> Ok, I have done like JAASLoginInterceptor (extends >> AbstractPhaseInterceptor<Message> + constructor initialized with >> super(Phase.UNMARSHAL);) and it works. >> >> >>> The other thing you may want to do is to configure it with a realm >>> name and if it's not set then >>> do not add a realm parameter to the response. >>> >> >> Could you explain me more your idea please. >> >> >>> >>> FYI, CXF ships JAASLoginInterceptor - which will check if Basic (or >>> other similar HTTP Authorization type was set) >>> and then will delegate to JAAS to do the actual authentication: >>> http://cxf.apache.org/docs/security.html#Security-Authentication >>> >>> I propose that you create a patch in rt/core, >>> org.apache.cxf.interceptor.security package, that will make it easier >>> for me to move the relevant code to a rt/security module >>> >> >> My first idea is to create a WTP sample application with my code (I have >> created org.apache.cxf.interceptor.security.basic package) and send you with >> sample which work. >> After I could create a patch if you need. >> >> Regards Angelo >> >>> >>> Thanks, Sergey >>> >>> On Tue, Jun 14, 2011 at 7:38 AM, Angelo zerr <[email protected]> >>> wrote: >>> > Hi Freeman, >>> > >>> > Thank a lot for your answer. I will prepare you a contribution and send >>> you. >>> > >>> > Regards Angelo >>> > >>> > 2011/6/14 Freeman Fang <[email protected]> >>> > >>> >> Hi, >>> >> >>> >> Sure, any contribution is welcome. >>> >> >>> >> And in CXF we also can use jetty security handler to enable basic auth >>> >> which can configure the realm easily, we have a system testcase for >>> it[1], >>> >> you may wanna take a look. >>> >> >>> >> [1] >>> >> >>> https://svn.apache.org/repos/asf/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/JettyBasicAuthTest.java >>> >> Freeman >>> >> >>> >> On 2011-6-13, at 下午11:34, Angelo zerr wrote: >>> >> >>> >> Hi CXF Team, >>> >>> >>> >>> I would like to manage WebService with HTTP Basic CXF Interceptor and >>> I >>> >>> have >>> >>> not found this interceptor in the CXF. So I have used the great code >>> from >>> >>> >>> >>> >>> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/and >>> >>> it works great. >>> >>> I have noticed that some projects like >>> >>> >>> >>> >>> http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111have >>> >>> used this code and I tell me why CXF doesn't include the >>> >>> BasicAuthAuthorizationInterceptor class? >>> >>> >>> >>> I have modified BasicAuthAuthorizationInterceptor to delegate >>> >>> user/password >>> >>> to another interface implementation and if you wish I could send you >>> my >>> >>> work >>> >>> and tell to the author of the BasicAuthAuthorizationInterceptor if he >>> is >>> >>> OK >>> >>> to contribute to CXF. >>> >>> >>> >>> Thank a lot for your answer. >>> >>> >>> >>> Regards Angelo >>> >>> >>> >> >>> >> --------------------------------------------- >>> >> Freeman Fang >>> >> >>> >> FuseSource >>> >> Email:[email protected] >>> >> Web: fusesource.com >>> >> Twitter: freemanfang >>> >> Blog: http://freemanfang.blogspot.com >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> > >>> >> >> > -- Sergey Beryozkin Application Integration Division of Talend http://sberyozkin.blogspot.com
