Thanks Sergey - I'll now try this stuff out with some codes. rgds
Rob ________________________________ From: Sergey Beryozkin [via CXF] <[email protected]> To: rpd <[email protected]> Sent: Monday, 19 August 2013, 8:58 Subject: Re: Simple Problem - Restful HTTP Basic Auth over HTTPS Hi On 18/08/13 23:30, rpd wrote: > Dear Sergey > > Thanks very much for responding so quickly. I looked up what I could find > on CXFServlet and understand that I must deploy it in my web.xml. So that > solves the https issue so long as I configure Tomcat SSL etc. > > However, I don't think that you're advising me to extend CXFServlet in my > code instead of HttpServlet and therefore write normal servlet code. So, > given that I am not writing the all-familiar servlet, that leaves me > wondering how a service that I implement is going to... CXFServlet is a regular Servlet whose primary goal is to route a current HTTP request to a WS or RS endpoint. My understanding was, you were preferring to keep using Servlet-level declarative security, right ? So I believe you can apply all the security-constraints to CXFServlet, example, tell Tomcat it should do Basic authentication. > > (a) perform the HTTP basic auth See above; using JAAS would be another option > (b) allow me to access the user-name (I think you called the principal) > against the session. > You can inject JAX-RS SecurityContext into your service code and access Principal (and its name) > Take, for example, the code fragment on pages 175-176 of the Apache CXF Web > Development book - the "CategoryService" class. Suppose that all methods > require as a pre-condition that the requestor be authenticated. Suppose also > that I needed to obtain the user-name in one or all of the methods (e.g. the > getCategory method). > > How would I modify this code to get what I need and what would I need to > setup beforehand apart from the deployment of the CXFServlet? (NB we're not > Spring guys either I'm afraid) > I don't own the copy, but I'm hoping what I said above should clarify things more Cheers, Sergey > best regards, Rob. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594p5732612.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Sergey Beryozkin Talend Community Coders http://coders.talend.com/ Blog: http://sberyozkin.blogspot.com ________________________________ If you reply to this email, your message will be added to the discussion below:http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594p5732628.html To unsubscribe from Simple Problem - Restful HTTP Basic Auth over HTTPS, click here. NAML -- View this message in context: http://cxf.547215.n5.nabble.com/Simple-Problem-Restful-HTTP-Basic-Auth-over-HTTPS-tp5732594p5732635.html Sent from the cxf-user mailing list archive at Nabble.com.
