Hi,

Yes, you can check basic authentication in the jaxrs:server declaration using an
authentication filter.

For example, when using JAAS, the configuration looks like:

<jaxrs:server address="/jaas">
    <jaxrs:serviceBeans>
        <bean class="org.apache.cxf.systest.jaxrs.security.SecureBookStoreNoAnnotations"/>
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <ref bean="authenticationFilter"/>
    </jaxrs:providers>
</jaxrs:server>

<bean id="authenticationFilter"
      class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter">
    <!-- Name of the JAAS Context -->
    <property name="contextName" value="BookLogin"/>
    <!-- Hint to the filter on how to have Principals representing users and
         roles separated while initializing a SecurityContext -->
    <property name="rolePrefix" value="ROLE_"/>

    <property name="redirectURI" value="/login.jsp"/>
</bean>

For details, see:
http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Authentication

Regards,
Andrei.

> -----Original Message-----
> From: blacar [mailto:[email protected]]
> Sent: Wednesday, 8 January 2014 12:33
> To: [email protected]
> Subject: CXF, Spring, Security avoiding web.xml ... possible?
> 
> Hi
> 
> I am developing a CXF-based REST API using Spring and embedded Jetty.
> 
> I know I can expose REST services very easily and cleanly just by declaring the
> service beans in the application context like:
> 
>         <jaxrs:server id="restfulservices" address="/services">
>                 <jaxrs:serviceBeans>
>                         <bean class="com.aver.restful.TimeOfTheDayServiceImpl" />
>                 </jaxrs:serviceBeans>
>                 <jaxrs:extensionMappings>
>                         <entry key="json" value="application/json" />
>                         <entry key="xml" value="application/xml" />
>                         <entry key="plain" value="text/plain" />
>                 </jaxrs:extensionMappings>
>                 <jaxrs:languageMappings />
>         </jaxrs:server>
> 
> NOW ... I want to add some security (easiest possible way, starting with
> username/password plain text) ... but in each and every example I've seen
> there is a web.xml for declaring the filter, listener, and servlet.
> 
> Is there any way to avoid that web.xml file and get everything I need declared
> in applicationContext?
> 
> For example this web.xml made for spring-security:
> 
> <?xml version="1.0"?>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>         "http://java.sun.com/dtd/web-app_2_3.dtd">
> <web-app>
>         <display-name>JAX-RS CXF Application</display-name>
> 
>         <filter>
>                 <filter-name>springSecurityFilterChain</filter-name>
>                 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>         </filter>
> 
>         <filter-mapping>
>                 <filter-name>springSecurityFilterChain</filter-name>
>                 <url-pattern>/*</url-pattern>
>         </filter-mapping>
> 
>         <listener>
>                 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>         </listener>
> 
>         <listener>
>                 <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
>         </listener>
> 
>         <servlet>
>                 <servlet-name>CXFServlet</servlet-name>
>                 <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
>                 <load-on-startup>1</load-on-startup>
>         </servlet>
> 
>         <servlet-mapping>
>                 <servlet-name>CXFServlet</servlet-name>
>                 <url-pattern>/*</url-pattern>
>         </servlet-mapping>
> </web-app>
> 
> 
> If you can help me it would help me to understand how CXF works.
> 
> Thanks in advance,
> 
> RBC
> 
> 
> 
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-Spring-Security-avoiding-web-xml-possible-tp5738375.html
> Sent from the cxf-user mailing list archive at Nabble.com.
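
The reply's filter configuration refers to a JAAS context named BookLogin and a rolePrefix of ROLE_; the following added example (not from the original messages and not CXF code) sketches a login module that could sit behind that context and emit an unprefixed user principal plus ROLE_-prefixed role principals, so the two kinds can be told apart by prefix. The class name BookLoginModule, the account "bob" and the role ROLE_USER are constructed for illustration. It assumes the filter hands over the Basic credentials through the standard NameCallback/PasswordCallback pair and that Java 16+ is used (for the record syntax).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module, not part of CXF. JAAS login configuration entry:
//   BookLogin { BookLoginModule required; };
public class BookLoginModule implements LoginModule {
    record Named(String name) implements Principal { public String getName() { return name; } }
    // Constructed sample account; a real module would query a credential store.
    private static final Map<String, String> PASSWORDS = Map.of("bob", "bobspassword");
    private static final Map<String, List<String>> ROLES = Map.of("bob", List.of("ROLE_USER"));
    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> granted = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        PasswordCallback pass = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] {name, pass}); }
        catch (Exception e) { throw new LoginException("cannot read credentials: " + e); }
        String user = name.getName();
        char[] given = pass.getPassword();
        String expected = user == null ? null : PASSWORDS.get(user); // Map.of rejects null keys
        // Constant-time comparison; unknown user and wrong password fail alike.
        boolean ok = expected != null && given != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), new String(given).getBytes(StandardCharsets.UTF_8));
        if (!ok) throw new FailedLoginException("invalid credentials");
        granted.add(new Named(user));                             // user principal, no prefix
        ROLES.get(user).forEach(r -> granted.add(new Named(r)));  // role principals, ROLE_ prefix
        return true;
    }

    public boolean commit() {
        if (granted.isEmpty()) return false;      // login() did not succeed for this module
        subject.getPrincipals().addAll(granted);
        return true;
    }
    public boolean abort() { granted.clear(); return true; }
    public boolean logout() { subject.getPrincipals().removeAll(granted); granted.clear(); return true; }
}
```

The JVM locates the BookLogin entry through the file named by the java.security.auth.login.config system property.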
