Hi Christian, I understand your idea but in our case there is user/password per webservices. Manage authentication with a CXF Interceptor is easy because each there is an instance of Basic Interceptor per webservice instance. The idea is to customize user/password for a webservice with an HTML form which update a DB. We could too ignore the security if we wish.
With Filter I must retrieve the Webservice instance, with CXF interceptor I delegate user/password to my webservice wrapper. Regards Angelo 2011/6/14 Christian Schneider <[email protected]> > Hi Angelo, > > In this case you probably really need to code it. What you might try is to > implement authentication and authorization as servlet filters. So they would > not only be available to cxf but to also to all your other software and even > static files. > > I also thought about writing a server side authentication / authorization > module for cxf some time ago and wondered if it was possible to do based on > filters. The authorization would simply have to block the request if it is > forbidden. In case of basic auth you would not even have to set the > authenticated principal for cxf as it could take it from the basic auth info > like it already does. > > Christian > > > Am 14.06.2011 12:29, schrieb Angelo zerr: > > Hi Christian , >> >> Thank a lot for your information. In my case I'm using Tomcat and >> WebSphere >> but Authentification must be delegate to our own security manager. That's >> why I need to manage basic autnetification. I don't use Spring to publish >> my >> webservice (just with Java code with Endpoint#publish). >> >> Regards Angelo >> >> 2011/6/14 Christian Schneider<[email protected]> >> >> > -- > -- > Christian Schneider > http://www.liquid-reality.de > > Open Source Architect > Talend Application Integration Division http://www.talend.com > >
