Why not just use basic auth here? Colm.
On Fri, May 26, 2017 at 2:40 PM, Raffaele Gambelli < [email protected]> wrote: > Hi Colm and thanks for your interest. > > I'm simply sending username/password via https in form of > "PROTOCOL_HEADERS" so i get them via Map httpHeaders = (Map) > message.get(message.PROTOCOL_HEADERS); > > Bye > > Raffaele Gambelli > > > > -----Colm O hEigeartaigh <[email protected]> ha scritto: ----- > Per: "[email protected]" <[email protected]> > Da: Colm O hEigeartaigh <[email protected]> > Data: 26/05/2017 03.07PM > Oggetto: Re: Using PRE_INVOKE AbstractSoapInterceptor to do authentication > check is ok? > > Where is the username/password coming from? Is it HTTP/BA, WS-Security > UsernameToken, or something else? > > Colm. > > On Fri, May 26, 2017 at 1:46 PM, Raffaele Gambelli < > [email protected]> wrote: > > > Hi all, > > > > I'm quite newbie in cxf, I've read documentation and some articles but > > without having found an example of Interceptor usage to do authentication > > checks. > > > > I've extended AbstractSoapInterceptor, then in its handleMessage I read > > headers username/password, do my check and return ok or throw > > HTTPException(401), I've tested it and it works, now I would like to > > receive some comment from cxf experts to know if it is an acceptable > > pattern or not. > > > > Thanks in advance, bye > > > > Raffaele Gambelli > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
