I have a almost the same problem, I load de xml file with the security
rules but I receive the Response from the REST service perfectly an status
200 OK. Here it is my config file:
<httpj:engine-factory bus="cxf">
<httpj:engine port="0">
<httpj:threadingParameters minThreads="5"
maxThreads="15" />
<httpj:handlers>
<bean
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService"
ref="securityLoginService" />
<property name="constraintMappings">
<list>
<ref bean="securityConstraintMapping" />
</list>
</property>
</bean>
</httpj:handlers>
</httpj:engine>
</httpj:engine-factory>
<bean id="securityLoginService"
class="org.eclipse.jetty.security.HashLoginService">
<property name="name" value="WSRealm" />
<property name="config"
value="src/es/uned/scc/related/cserver/ws/configuration/jetty-realm.properties"
/>
</bean>
<bean id="securityConstraint"
class="org.eclipse.jetty.http.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admin" />
<property name="authenticate" value="true" />
</bean>
<bean id="securityConstraintMapping"
class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/*" />
</bean>
</beans>
and my code:
static{
// set the configuration file
SpringBusFactory factory = new SpringBusFactory();
Bus bus =
factory.createBus("src/es/uned/scc/related/cserver/ws/configuration/server-sec-bean.xml");
BusFactory.setDefaultBus(bus);
}
private String address;
private JAXRSServerFactoryBean sf;
private Server server;
public RLABJettyREST(String url, Integer port){
address = url + ":"+ port.toString() + "/";
}
public void start() throws Exception{
if (sf == null){
sf = new JAXRSServerFactoryBean();
sf.setResourceClasses(RLABSystemWSRest.class);
sf.setResourceProvider(RLABSystemWSRest.class,
new SingletonResourceProvider(new RLABSystemWSRest()));
sf.setAddress(address);
server = sf.create();
I tried to test doing the configuration via code, but using
JAXRSServerFactoryBean I not able to see how to add handlers to server,
thanks,
Juanjo.
2012/10/8 gasius <[email protected]>
> That is not true at least using soapUI tool. I receive "Error 401
> Unauthorized" after removing username and password from endpoint just after
> successful request using basic authentication. But for the second endpoint
> there is no matter if I add or remove credentials, or even add credentials
> of banned role - I always receive HTTP 200 OK.
>
> Also I performed another test. I entered URL of the first endpoint in web
> browser. When basic authentication dialog appeared I clicked "Cancel"
> button. Then in same window I entered URL of 2nd endpoint and it opened
> WSDL
> page without any authentication request. After that again I tried 1st URL
> and received BA dialog. So I'm sure that my second endpoint is not
> protected
> even pathSpec is defined with value="/*".
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Basic-authentication-works-only-for-the-first-deployed-application-tp5715963p5716035.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
