hi,
i think i've made some progress.
found the following docs:
https://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-BasicAuthentication
looks like the conduit is the way to go. Added the following to my client
call:
HTTPConduit conduit = (HTTPConduit) client.getConduit();
HTTPClientPolicy clientPolicy = new HTTPClientPolicy();
AuthorizationPolicy authorization = new AuthorizationPolicy();
authorization.setAuthorizationType("BASIC");
authorization.setUserName("xxx");
authorization.setPassword("xxxx");
this works. would this be a 'best practice' approach? i tested this with
users in different roles etc an only those users in the specified roles
would access the webservice. works with ssl as well. the next step is to use
client-cert authentication.
thanks,
Michael
--
View this message in context:
http://cxf.547215.n5.nabble.com/utilizing-tomcat-authentication-for-webservices-tp5742376p5742400.html
Sent from the cxf-user mailing list archive at Nabble.com.
