Hi

Thanks for your query,
On 18/08/13 13:25, rpd wrote:
Hi

We're trying to evaluate CXF for our project at the moment - so are not
really into it yet.  So it may be that we're missing a blindingly obvious
answer to the following.

We want to create a series of restful web-services and will be using Tomcat
7.  Probably most if not all services will be using HTTPS and will require
basic HTTP auth.  If doing this with servlets it would be simple.  Configuring
the HTTPS connector in server.xml mostly takes care of the HTTPS part.
Create a database table of users then use a Tomcat JDBCRealm so that the
users/credentials are accessible by Tomcat. Annotate every servlet that
needs to be authenticated. Tomcat then associates the user with the session
once authenticated or sends back a 401 message if not.

With CXF it's really not clear how this well-trodden process should work at
all and it's a real sticking point for us. The posts and documentation I
have read seem to suggest all manner of very complex solutions to this
simple problem (including request-handlers, interceptors, JAAS, Spring
security). This makes us think that we're missing something obvious.

First of all, if you prefer, you can continue using the existing Tomcat configuration with CXF, and specifically with CXFServlet.

CXF will make the authenticated Principal available to the web service application (via Security context).

CXF can make it easy to use JAAS LoginModules but you do not have to use JAAS if you do not need to.

Then you can use simple Authorization support if needed:

http://cxf.apache.org/docs/security.html#Security-Authorization,

etc

Does it help a bit?

Cheers, Sergey


Any advice as to how to address this simple problem
would be most gratefully received.

Thanks.

Rob



--
View this message in context: 
http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594.html
Sent from the cxf-user mailing list archive at Nabble.com.



--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
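
The setup described in the reply above (Tomcat keeps doing the authentication, CXF exposes the resulting Principal through the security context), as an added example that is not part of the original thread and is not code from the CXF project. The class name `AccountResource`, the role `api-user`, the realm name `api`, the `/services/*` mapping and the `javax.ws.rs` namespace are assumptions.

```java
// Added example. Assumed names: AccountResource, role "api-user", realm "api",
// CXFServlet mapped at /services/*. Tomcat authenticates against its configured
// realm (e.g. a JDBCRealm) because of this web.xml fragment:
//
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>api</web-resource-name>
//       <url-pattern>/services/*</url-pattern>
//     </web-resource-collection>
//     <auth-constraint><role-name>api-user</role-name></auth-constraint>
//     <user-data-constraint>
//       <transport-guarantee>CONFIDENTIAL</transport-guarantee>  <!-- HTTPS only -->
//     </user-data-constraint>
//   </security-constraint>
//   <login-config><auth-method>BASIC</auth-method><realm-name>api</realm-name></login-config>
//   <security-role><role-name>api-user</role-name></security-role>
package example;

import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/account")
public class AccountResource {

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public Response whoAmI(@Context SecurityContext sc) {
        // Principal established by the container before the request reached CXF.
        Principal user = sc.getUserPrincipal();
        // Fail closed: a null principal means the constraint did not cover this
        // URL (for example, a url-pattern that does not match the servlet mapping).
        if (user == null) {
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header("WWW-Authenticate", "Basic realm=\"api\"").build();
        }
        // Second check in the application in case web.xml is later loosened.
        if (!sc.isSecure() || !sc.isUserInRole("api-user")) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.ok("authenticated as " + user.getName()).build();
    }
}
```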
