On 02/04/14 05:02, Kevin Cai wrote:
I think this method (getCurrentMessage()) has been emphasized in 3.0 which is
provided in JAXRSUtils. Right?
No, JAXRSUtils.getCurrentMessage just delegates to the existing
PhaseInterceptorChain method
Sergey
Sergey Beryozkin <[email protected]> 于 2014年4月2日, 星期三, 4:17 上午 写道:
Hi, sorry missed it, if you work with JAX-RS 2.0 filters then you should
get Authorization header from ContainerRequestContainer and parse it
manually.
The CXF specific approach is handy indeed though, PhaseInterceptorChain
won't be changed AFAIK
Sergey
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
public class AuthFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext req) throws IOException {
System.err.println("filter!");
Message message = PhaseInterceptorChain.getCurrentMessage();
AuthorizationPolicy policy =
(AuthorizationPolicy)message.get(AuthorizationPolicy.class);
if (policy==null){
req.abortWith(Response.status(401).header("WWW-Authenticate", "Basic
realm=\"PTServer\"").build());
return;
}
String username = policy.getUserName();
String password = policy.getPassword();
if ("demo".equals(password)&&"demo".equals(username)) {
return;
}
else{
req.abortWith(Response.status(401).header("WWW-Authenticate", "Basic
realm=\"PTServer\"").build());
}
}
}
then, in the class that extends javax.ws.rs.core.Application, overwrite
public Set<Class<?>> getClasses()
@Override
public Set<Class<?>> getClasses() {
Set<Class<?>> classes = new HashSet<Class<?>>();
classes.add(AuthFilter.class);
return classes;
}
My further question is: is it safe to use
PhaseInterceptorChain.getCurrentMessage()? Will this API be changed in the
future? Is it OK to use this method inside those Jax-rs service method?
Abhijit Sarkar <[email protected]> 于 2014年4月1日, 星期二, 1:43 下午 写道:
Kevin,I had written some code without Spring but JAX-WS, not JAX-RS. If you
want to take a look, here it is.
https://github.com/abhijitsarkar/java-ee/tree/master/webservices/jax-ws/jaxws-instrumentation
Best,Abhijit Sarkar
Date: Mon, 31 Mar 2014 21:29:05 +0800
From: [email protected]
Subject: 回复: How to configure CXF Jas-RS to use RequestHandler without spring
To: [email protected]
Sorry, I mean how to config CXF Jax-rs to use RequestHandler (Filter) to
implement Basic Authentication without Spring. Thanks
Kevin Cai <[email protected]> 于 2014年3月31日, 星期一, 9:26 下午 写道:
Dear all,
Seems that all config docs of CXF are all about config cxf with Spring. I
would like to know how to config CXF Jax-rs to use RequestHandler (Filter) to
implement Basic Authentication. Thanks.
Yours,
Kevin Choi
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
