A much better idea would be to use HTTP Basic Authentication and use JAAS. You could write your own JAAS Login Module to handle the details of authenticating the user credentials.

Colm.

On Fri, May 26, 2017 at 2:54 PM, Raffaele Gambelli <[email protected]> wrote:

> Because I wanted full control over authentication, for example my users
> are in a database, they could be enabled or disabled, the database may be
> populated on startup, I can choose how to hash passwords, etc...
> Well, coming back to my original question, what do you think, is it a good
> idea to use an interceptor in that phase?
> In case of 401 I do:
> Fault fault = new Fault(new HTTPException(401));
>
> fault.setMessage("Unauthorized user " + username);
> fault.setStatusCode(401);
> throw fault;
>
> Bye
>
> Raffaele Gambelli
>
> -----Colm O hEigeartaigh <[email protected]> wrote: -----
> To: "[email protected]" <[email protected]>
> From: Colm O hEigeartaigh <[email protected]>
> Date: 26/05/2017 03.43PM
> Subject: Re: Using PRE_INVOKE AbstractSoapInterceptor to do authentication check is ok?
>
> Why not just use basic auth here?
>
> Colm.
>
> On Fri, May 26, 2017 at 2:40 PM, Raffaele Gambelli <[email protected]> wrote:
>
> > Hi Colm and thanks for your interest.
> >
> > I'm simply sending username/password via https in the form of
> > "PROTOCOL_HEADERS", so I get them via Map httpHeaders = (Map)
> > message.get(message.PROTOCOL_HEADERS);
> >
> > Bye
> >
> > Raffaele Gambelli
> >
> > -----Colm O hEigeartaigh <[email protected]> wrote: -----
> > To: "[email protected]" <[email protected]>
> > From: Colm O hEigeartaigh <[email protected]>
> > Date: 26/05/2017 03.07PM
> > Subject: Re: Using PRE_INVOKE AbstractSoapInterceptor to do authentication check is ok?
> >
> > Where is the username/password coming from? Is it HTTP/BA, WS-Security
> > UsernameToken, or something else?
> >
> > Colm.
> >
> > On Fri, May 26, 2017 at 1:46 PM, Raffaele Gambelli <[email protected]> wrote:
> >
> > > Hi all,
> > >
> > > I'm quite a newbie in cxf, I've read the documentation and some articles but
> > > without having found an example of Interceptor usage to do authentication
> > > checks.
> > >
> > > I've extended AbstractSoapInterceptor, then in its handleMessage I read the
> > > username/password headers, do my check and return ok or throw
> > > HTTPException(401). I've tested it and it works, now I would like to
> > > receive some comments from cxf experts to know if it is an acceptable
> > > pattern or not.
> > >
> > > Thanks in advance, bye
> > >
> > > Raffaele Gambelli
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
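
A custom JAAS Login Module of the kind suggested at the top of this message, covering the requirements raised in the thread (users held in a store, enabled/disabled flag, chosen password hashing). This is an added example, not code from the thread or from CXF; the class name `DbLoginModule`, the in-memory `USERS` map standing in for the database, the PBKDF2 parameters and the sample accounts are all assumptions, and it needs Java 16+ for records.

```java
import java.security.*;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Hypothetical module. USERS stands in for the database table (constructed sample data).
public class DbLoginModule implements LoginModule {
    record User(boolean enabled, byte[] salt, byte[] hash) {}
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    static final byte[] SALT = "constructed-salt".getBytes();
    static final Map<String, User> USERS = Map.of(
        "alice", new User(true, SALT, pbkdf2("s3cret".toCharArray(), SALT)),
        "bob", new User(false, SALT, pbkdf2("hunter2".toCharArray(), SALT)));  // disabled account
    private Subject subject;
    private CallbackHandler handler;
    private UserPrincipal principal;
    // Salted, iterated hash; only the derived value is stored and compared.
    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, 210_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s;
        handler = h;
    }
    public boolean login() throws LoginException {
        // The container supplies the Basic Auth credentials through these callbacks.
        NameCallback name = new NameCallback("username");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] {name, pass});
        } catch (Exception e) { throw new LoginException("cannot obtain credentials"); }
        User u = name.getName() == null ? null : USERS.get(name.getName());
        char[] pw = pass.getPassword();
        // One generic failure message for unknown user, disabled user and wrong password.
        if (u == null || !u.enabled() || pw == null
                || !MessageDigest.isEqual(u.hash(), pbkdf2(pw, u.salt())))
            throw new FailedLoginException("Unauthorized");
        principal = new UserPrincipal(name.getName());
        return true;
    }
    public boolean commit() { if (principal != null) subject.getPrincipals().add(principal); return principal != null; }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { if (principal != null) subject.getPrincipals().remove(principal); principal = null; return true; }
}
```

Registered under a JAAS configuration entry, the module is invoked by whatever performs the JAAS login, for example CXF's JAASLoginInterceptor with its contextName set to that entry.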
