Hi
On 18/04/12 23:05, Scott Parkerson wrote:
Is there a way to inject servlet filters into a JAX-RS application
deployed in OSGi without resorting to turning my bundle into a WAR?
Currently, my RESTful application is deployed into Karaf 2.2.5 using CXF
2.4.6, and started using a Spring configuration
(META-INF/spring/bundle-context.xml), like this:
<jaxrs:server address="http://0.0.0.0:${web.serverListenPort}";
beanNames="fooBean barBean">
<jaxrs:inInterceptors>
<ref bean="requestTimeInInterceptor" />
</jaxrs:inInterceptors>
<jaxrs:outInterceptors>
<ref bean="requestTimeOutInterceptor" />
</jaxrs:outInterceptors>
<jaxrs:features>
<cxf:logging />
</jaxrs:features>
</jaxrs:server>
Placeholder web.serverListenPort is resolved using the OSGi
Configuration Manager (META-INF/spring/bundle-context-osgi.xml).
When I deploy my bundle, it starts up Jetty and listens to that port.
What I would like to do is specify a servlet filter (namely, Spring's
DelegatingFilterProxy / springSecurityFilterChain) to sit in front of
CXF without resorting to using web.xml. Is this even possible using pure
Spring, or do I need to write a custom invoker, or something like that?
Using the absolute address bypasses OSGI HttpService, so I'm not sure
how to get Spring Security filters added transparently.
May be you can deploy it as a light web archive, as a web-bundle ? This
way you can still use web.xml but do not have to embed all the libs.
Another option is to go the custom Activator route, where HttpService is
obtained and a custom HTTP context is used, the way Josh H did it for DOSGi:
https://josh.media.berkeley.edu/?p=61
Finally, may be the JAAS and simple authorization filters that are
shipped with CXF might help, instead of having to rely on the more
sophisticated Spring security ? That may or may not work depending on
the actual security requirements
Cheers, Sergey
Cheers, Sergey
--sgp
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
