RE: JAX-RS Security - Authentication

Mon, 12 May 2014 04:52:50 -0700 

Hi, 
    Please try with these code:

    @Context
    private org.apache.cxf.jaxrs.ext.MessageContext mc;

    ......
    String userName = mc.getSecurityContext().getUserPrincipal().getName();
    ......
Regards.
Xilai Dai
-----Original Message-----
From: Paul Avijit [mailto:[email protected]] 
Sent: Wednesday, May 07, 2014 6:11 AM
To: [email protected]; Andrei Shakirin
Subject: Re: JAX-RS Security - Authentication

Thanks Andrei.

I have used ContainerRequestFilter and could make it work successfully.

How can I get the username in my service implementation class.

Regards
Paul
On Tuesday, May 6, 2014 6:14 AM, Andrei Shakirin <[email protected]> wrote:
 
Hi,

I assume you mean JAASAuthenticationFilter. 
This filter use JAAS to authenticate users: 
http://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service 

You should set up  JAAS configuration for your application server, looks like 
for example so for LDAP:
jaas.config:
ldap {
    com.sun.security.auth.module.LDAPLoginModule required
    initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
    connection.username = cn=Directory Manager
    connection.password = myPassword
    connection.url = ldap://localhost:389
    user.base.dn = ou=employees,dc=example,dc=com
    user.filter = (uid=%u)
    user.search.subtree = true
    role.base.dn = ou=roles,dc=example,dc=com
    role.filter = (member:=uid=%u)
    role.name.attribute = cn
    role.search.subtree = true
    authentication = simple
};

Refer your Application Server documentation to see where jaas configuration 
should be located and which login modules are available.

Alternative you can use non-jaas RequestHandler (ContainerRequestFilter for 
jax-rs 2.0) and authenticate user using other mechanism.

Regards,
Andrei.



> -----Original Message-----
> From: Paul Avijit [mailto:[email protected]]
> Sent: Dienstag, 6. Mai 2014 00:32
> To: [email protected]
> Subject: JAX-RS Security - Authentication
> 
> Hi,
> 
> I have a REST Service which I want to secure by authenticating the 
> user. I have referred the following CXF user guide link:
> http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSSer
> vices-
> Authentication
> 
> In the above link, it describes how to configure authentication filter 
> using jaxrs provider in spring context file.
> 
> The authentication filter has a property, contextName and is 
> configured to use the login context "BookLogin".
> 
> How do I develop and configure this login context in an application server.
> Please help.
> 
> Thanks in advance.
> 
> Regards
> Paul

Reply via email to