2011/6/14 Sergey Beryozkin <[email protected]>

> Hi Angelo, sorry for a delay, yes, that's what I meant
>

No problem :) Ok, I have implemented this feature. Now I ask myself whether SecurityContext should be implemented (if Principal is null) for the Basic Interceptor, like JAASLoginInterceptor which puts a SecurityContext. The only question is how to set roles? But if we do that we could use SimpleAuthorizingInterceptor afterwards.

Regards Angelo

> On Tue, Jun 14, 2011 at 10:54 AM, Angelo zerr <[email protected]> wrote:
> > Ok I believe I understand your idea about realm. I have added a setter in my
> > Interceptor :
> >
> > AbstractBasicAuthAuthorizationInterceptor#setRealName(String realName) which
> > computes WWW-Authenticate.
> > Ex : AbstractBasicAuthAuthorizationInterceptor#setRealName("MyRealm") will
> > return
> >
> > WWW-Authenticate: Basic realm="MyRealm"
> >
> > If no realm is defined, WWW-Authenticate is not returned. Is that your idea?
> > WWW-Authenticate is not required? Do you think we should set a default value
> > for Realm?
> >
> > Regards Angelo
> >
> > 2011/6/14 Angelo zerr <[email protected]>
> >
> >> Hi Sergey,
> >>
> >> 2011/6/14 Sergey Beryozkin <[email protected]>
> >>
> >>> Hi
> >>>
> >>> That interceptor should be more neutral, should not extend a SOAP
> >>> interceptor.
> >>>
> >>
> >> Ok, I have done like JAASLoginInterceptor (extends
> >> AbstractPhaseInterceptor<Message> + constructor initialized with
> >> super(Phase.UNMARSHAL);) and it works.
> >>
> >>
> >>> The other thing you may want to do is to configure it with a realm
> >>> name and if it's not set then
> >>> do not add a realm parameter to the response.
> >>>
> >>
> >> Could you explain your idea to me a bit more, please.
> >>
> >>
> >>>
> >>> FYI, CXF ships JAASLoginInterceptor - which will check if Basic (or
> >>> other similar HTTP Authorization type was set)
> >>> and then will delegate to JAAS to do the actual authentication:
> >>> http://cxf.apache.org/docs/security.html#Security-Authentication
> >>>
> >>> I propose that you create a patch in rt/core,
> >>> org.apache.cxf.interceptor.security package, that will make it easier
> >>> for me to move the relevant code to a rt/security module
> >>>
> >>
> >> My first idea is to create a WTP sample application with my code (I have
> >> created org.apache.cxf.interceptor.security.basic package) and send it to you
> >> with a sample which works.
> >> Afterwards I could create a patch if you need.
> >>
> >> Regards Angelo
> >>
> >>>
> >>> Thanks, Sergey
> >>>
> >>> On Tue, Jun 14, 2011 at 7:38 AM, Angelo zerr <[email protected]>
> >>> wrote:
> >>> > Hi Freeman,
> >>> >
> >>> > Thanks a lot for your answer. I will prepare a contribution and send it to
> >>> > you.
> >>> >
> >>> > Regards Angelo
> >>> >
> >>> > 2011/6/14 Freeman Fang <[email protected]>
> >>> >
> >>> >> Hi,
> >>> >>
> >>> >> Sure, any contribution is welcome.
> >>> >>
> >>> >> And in CXF we also can use jetty security handler to enable basic auth
> >>> >> which can configure the realm easily, we have a system testcase for it[1],
> >>> >> you may wanna take a look.
> >>> >>
> >>> >> [1]
> >>> >> https://svn.apache.org/repos/asf/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/JettyBasicAuthTest.java
> >>> >> Freeman
> >>> >>
> >>> >> On 2011-6-13, at 11:34 PM, Angelo zerr wrote:
> >>> >>
> >>> >> Hi CXF Team,
> >>> >>>
> >>> >>> I would like to manage WebService with HTTP Basic CXF Interceptor and I
> >>> >>> have not found this interceptor in the CXF. So I have used the great code
> >>> >>> from
> >>> >>>
> >>> >>> http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/
> >>> >>> and it works great.
> >>> >>> I have noticed that some projects like
> >>> >>>
> >>> >>> http://code.google.com/p/fenius/source/browse/trunk/fenius-util/src/main/java/is/glif/fenius/util/BasicAuthAuthorizationInterceptor.java?r=111
> >>> >>> have used this code and I ask myself why CXF doesn't include the
> >>> >>> BasicAuthAuthorizationInterceptor class?
> >>> >>>
> >>> >>> I have modified BasicAuthAuthorizationInterceptor to delegate
> >>> >>> user/password to another interface implementation and if you wish I could
> >>> >>> send you my work and ask the author of the
> >>> >>> BasicAuthAuthorizationInterceptor if he is OK to contribute to CXF.
> >>> >>>
> >>> >>> Thanks a lot for your answer.
> >>> >>>
> >>> >>> Regards Angelo
> >>> >>>
> >>> >>
> >>> >> ---------------------------------------------
> >>> >> Freeman Fang
> >>> >>
> >>> >> FuseSource
> >>> >> Email:[email protected]
> >>> >> Web: fusesource.com
> >>> >> Twitter: freemanfang
> >>> >> Blog: http://freemanfang.blogspot.com
> >>> >>
> >>> >
> >>>
> >>
> >
>
> --
> Sergey Beryozkin
>
> Application Integration Division of Talend
> http://sberyozkin.blogspot.com
>
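
The realm challenge and credential extraction discussed in this thread, as an added example in plain JDK Java; it is not the interceptor from the thread and not CXF code, and the class name, method names and default realm value are assumptions. It always sends a realm, because HTTP requires a 401 response to carry a WWW-Authenticate challenge and the Basic scheme requires a realm parameter.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: JDK only, no CXF types. All names here are hypothetical.
public class BasicAuthExample {
    static final String DEFAULT_REALM = "default"; // assumed fallback realm

    /** Builds the challenge value; escapes '\' and '"' so the realm cannot break out of the quoted-string. */
    static String challenge(String realm) {
        String r = (realm == null || realm.isEmpty()) ? DEFAULT_REALM : realm;
        return "Basic realm=\"" + r.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /** Returns {user, password}, or null when the header is absent or malformed. */
    static String[] parse(String authorization) {
        if (authorization == null) return null;
        String[] parts = authorization.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: treat as unauthenticated
        }
        int colon = decoded.indexOf(':'); // split on the FIRST colon; passwords may contain ':'
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Timing-safe comparison of the supplied password with the expected one. */
    static boolean sameSecret(String supplied, String expected) {
        return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample header: Base64 of "alice:s3cr:et"
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        String[] creds = parse(header);
        boolean ok = creds != null && creds[0].equals("alice") && sameSecret(creds[1], "s3cr:et");
        System.out.println(ok ? "200 OK" : "401, WWW-Authenticate: " + challenge("MyRealm"));
        // Missing or malformed credentials always get a challenge with a realm.
        System.out.println("no header  -> 401, WWW-Authenticate: " + challenge(null));
        System.out.println("bad base64 -> " + (parse("Basic !!!") == null ? "rejected" : "accepted"));
    }
}
```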
