Can you create a small test case and attach to a JIRA? Dan
On Oct 9, 2012, at 2:57 AM, Juan José Pérez Consuegra <[email protected]> wrote: > I have a almost the same problem, I load de xml file with the security > rules but I receive the Response from the REST service perfectly an status > 200 OK. Here it is my config file: > > <httpj:engine-factory bus="cxf"> > <httpj:engine port="0"> > <httpj:threadingParameters minThreads="5" > maxThreads="15" /> > <httpj:handlers> > <bean > class="org.eclipse.jetty.security.ConstraintSecurityHandler"> > <property name="loginService" > ref="securityLoginService" /> > <property name="constraintMappings"> > <list> > <ref bean="securityConstraintMapping" /> > </list> > </property> > </bean> > </httpj:handlers> > </httpj:engine> > </httpj:engine-factory> > > <bean id="securityLoginService" > class="org.eclipse.jetty.security.HashLoginService"> > <property name="name" value="WSRealm" /> > <property name="config" > value="src/es/uned/scc/related/cserver/ws/configuration/jetty-realm.properties" > /> > </bean> > > <bean id="securityConstraint" > class="org.eclipse.jetty.http.security.Constraint"> > <property name="name" value="BASIC" /> > <property name="roles" value="admin" /> > <property name="authenticate" value="true" /> > </bean> > > <bean id="securityConstraintMapping" > class="org.eclipse.jetty.security.ConstraintMapping"> > <property name="constraint" ref="securityConstraint" /> > <property name="pathSpec" value="/*" /> > </bean> > </beans> > > and my code: > > static{ > // set the configuration file > SpringBusFactory factory = new SpringBusFactory(); > Bus bus = > factory.createBus("src/es/uned/scc/related/cserver/ws/configuration/server-sec-bean.xml"); > BusFactory.setDefaultBus(bus); > } > > private String address; > > private JAXRSServerFactoryBean sf; > private Server server; > > public RLABJettyREST(String url, Integer port){ > > address = url + ":"+ port.toString() + "/"; > > } > > public void start() throws Exception{ > if (sf == null){ > sf = new JAXRSServerFactoryBean(); > sf.setResourceClasses(RLABSystemWSRest.class); > sf.setResourceProvider(RLABSystemWSRest.class, > new SingletonResourceProvider(new RLABSystemWSRest())); > sf.setAddress(address); > > server = sf.create(); > > I tried to test doing the configuration via code, but using > JAXRSServerFactoryBean I not able to see how to add handlers to server, > > thanks, > > Juanjo. > > > 2012/10/8 gasius <[email protected]> > >> That is not true at least using soapUI tool. I receive "Error 401 >> Unauthorized" after removing username and password from endpoint just after >> successful request using basic authentication. But for the second endpoint >> there is no matter if I add or remove credentials, or even add credentials >> of banned role - I always receive HTTP 200 OK. >> >> Also I performed another test. I entered URL of the first endpoint in web >> browser. When basic authentication dialog appeared I clicked "Cancel" >> button. Then in same window I entered URL of 2nd endpoint and it opened >> WSDL >> page without any authentication request. After that again I tried 1st URL >> and received BA dialog. So I'm sure that my second endpoint is not >> protected >> even pathSpec is defined with value="/*". >> >> >> >> -- >> View this message in context: >> http://cxf.547215.n5.nabble.com/Basic-authentication-works-only-for-the-first-deployed-application-tp5715963p5716035.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
