Dear Sergey Thanks very much for responding so quickly. I looked up what I could find on CXFServlet and understand that I must deploy it in my web.xml. So that solves the https issue so long as I configure Tomcat SSL etc.
However, I don't think that you're advising me to extend CXFServlet in my code instead of HttpServlet and therefore write normal servlet code. So, given that I am not writing the all-familiar servlet, that leaves me wondering how a service that I implement is going to... (a) perform the HTTP basic auth (b) allow me to access the user-name (I think you called the principal) against the session. Take, for example, the code fragment on pages 175-176 of the Apache CXF Web Development book - the "CategoryService" class. Suppose that all methods require as a pre-condition that the requestor be authenticated. Suppose also that I needed to obtain the user-name in one or all of the methods (e.g. the getCategory method). How would I modify this code to get what I need and what would I need to setup beforehand apart from the deployment of the CXFServlet? (NB we're not Spring guys either I'm afraid) best regards, Rob. -- View this message in context: http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594p5732612.html Sent from the cxf-user mailing list archive at Nabble.com.
