On Sep 26, 2012, at 11:49 AM, Christophe Collet <[email protected]> wrote:
> Hi all, > > I'm currently trying to implement the Digest Http Authentication on my > server. > > I have already implemented the basic authentication with interceptor based > on Chris Dail Article > <http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/> > and it works fine. > > The client side works for both Basic and Digest. ( Based on this thread ) > <http://cxf.547215.n5.nabble.com/JAX-RS-Http-Digest-Authentication-support-td563038.html#a563041> > > > My question is to know if it exists a way to retrieve the > authorizationPolicy for digest directly in the message, as it is done for > Basic. You likely cannot get ALL the information as all the handshaking and such is done at the container level (in Jetty or Tomcat) and thus is not completely available to us. The best we can get is a Principal object. From there, you could get the username. If you need the password and such, you would likely need to cast it to some implementation specific subclass and dig into it. You can currently do a message.get(SecurityContext.class).getUserPrincipal() to retrieve that. I just committed some changes to trunk (will merge back) that would record at least the name and such into a AuthorizationPolicy for the non-BasicAuth cases if a principal is provided. Dan > > i have found that the basic auhtorization policy is created in > org.apache.cxf.transport.http.AbstractHTTPDestination > <http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-transports-http/2.6.1/org/apache/cxf/transport/http/AbstractHTTPDestination.java/#AbstractHTTPDestination.getAuthorizationPolicyFromMessage%28java.lang.String%29> > > (BTW the authentication type is not set to basic in this method). > > Is there an already developped interceptor that extract Digest > Authentication ? an evolution of AbstractHTTPDestination ? or another way i > haven't thought of ? > > Regards, > -- > Christophe Collet > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Digest-Http-Authentication-problem-on-server-side-tp5714824.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
