Hi
This filter has not been made capable of supporting a FORM-based login -
a long pending issue exists. This is a second question in the last
couple of months about using the filter with FORM-based logins, I'll
actually give a try and see if I can make it work for CXF 3.0.5.
Here are the alternatives:
- Use a servlet level FORM based support
- Consider SAML Web SSO - we support it
OpendIdConnect SSO work is in progress - we have a utility code in place
- I can point to it if it might make sense in your case.
But as I said, I'll see if I can support a filter supporting a form
login, that would definitely simplify the simple SSO management in some
cases...
Thanks, Sergey
On 08/03/15 21:37, Basic Danijel wrote:
Hi all,
I'm currently developing web app running on karaf. The app has the frontend
written in Angular JS and the backend is REST webservice (CXF JAX-RS).
The requirement is that all pages have to be secured. I decided to go with
FORM based authentication (configured in web.xml).
For CXF REST webservice I
use org.apache.cxf.jaxrs.security.JAASAuthenticationFilter (configured in
blueprint.xml).
Both parts are configured to use the same realm.
The problem is the following: when I try to access a protected page, I need
to log in twice (server and cxf authentication).
How can I get rid of this problem, ie. to have only server authentication
(and automatically be authenticated on REST part)?
Btw, if I use BASIC authentication, then one login appears and everything
is working as expected.
Regards,
Danijel
