omg, I figured it out…. The only thing I ever needed was 'cxf-rs.auth = BASIC'
Notice the '-rs' part! I was only adding properties to cxf and not cxf-rs! I wonder if I had just added that to begin with before you did any fixes etc, this would have worked!?

So basically I don't even need any of the following:

openejb.authentication.realmName=PropertiesLogin // don't need this as this is default I think..?
java.security.auth.login.config=login.config // Don't need this as this is default
cxf.authMethod = BASIC // for SOAP security not REST I think ??
cxf.realmName = PropertiesLogin // default I think

I'm guessing the cxf.* are for web services (SOAP)?

This really needs to be documented somewhere, I have read the tomee site and gone through lots of examples in the code and I didn't find anything like this. Regardless, I'll write a detailed blog post on how to get security working with rest to hopefully save some other poor soul some time.

Now, on to the SQLLoginModule (as this is really what I need!)

Thanks Romain for all your time, I really do appreciate it.

Chris Christo

Twitter: https://twitter.com/ChrisChristo7
Tumblr: http://chrischristo7.tumblr.com
LinkedIn: http://uk.linkedin.com/in/chrischristo

On 14 May 2013, at 12:56, Romain Manni-Bucau <[email protected]> wrote:

> there was another jira this morning so i guess you are just on an old
> version ;)
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
> *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/>
> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
> *Github: https://github.com/rmannibucau*
>
>
>
> 2013/5/14 Chris.Christo <[email protected]>
>
>> So what exactly did you do?
>>
>> So at first it wasn't working for you? but then you added authMethod =
>> basic to cxf.properties and it worked for you?
>>
>> As far as I understood, the Jira issue fixed just the configuration for
>> the cxf.providers?
>>
>>
>> Chris Christo
>>
>> Twitter: https://twitter.com/ChrisChristo7
>> Tumblr: http://chrischristo7.tumblr.com
>> LinkedIn: http://uk.linkedin.com/in/chrischristo
>>
>> On 14 May 2013, at 12:36, Romain Manni-Bucau <[email protected]>
>> wrote:
>>
>>> was working this morning, maybe you got a too old snapshot
>>>
>>> *Romain Manni-Bucau*
>>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
>>> *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/>
>>> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
>>> *Github: https://github.com/rmannibucau*
>>>
>>>
>>>
>>> 2013/5/14 Chris.Christo <[email protected]>
>>>
>>>> Thanks for the clarification on the JIRA issue.
>>>>
>>>> ok so I added the following properties to cxf.properties
>>>>
>>>> authMethod = BASIC
>>>> realmName = PropertiesLogin
>>>>
>>>> but still no luck.
>>>>
>>>> We are dealing with a hello world example pretty much and it's so
>>>> frustrating not being able to get this to work. :(
>>>>
>>>>
>>>>
>>>> Chris Christo
>>>>
>>>> Twitter: https://twitter.com/ChrisChristo7
>>>> Tumblr: http://chrischristo7.tumblr.com
>>>> LinkedIn: http://uk.linkedin.com/in/chrischristo
>>>>
>>>> On 14 May 2013, at 06:02, Romain Manni-Bucau <[email protected]>
>>>> wrote:
>>>>
>>>>> Jira is to ensure your original config would always work (was the case
>>>>> under some conditions)
>>>>>
>>>>> Btw do you use authMethod=basic in conf/conf.d/cxf.properties?
>>>>> On 14 May 2013 00:43, "Chris.Christo" <[email protected]> wrote:
>>>>>
>>>>>> Hi Romain,
>>>>>>
>>>>>>
>>>>>> Ok yeah adding that property solved the exception mapper issue, thanks for
>>>>>> that!
>>>>>>
>>>>>> Yeah from an architectural point of view, I would agree that it does make
>>>>>> more sense to define your providers for each app in each of their own
>>>>>> META-INF/application.properties.
>>>>>>
>>>>>> However I still can't get authorized.
>>>>>>
>>>>>> I try 'curl -G http://john:secret@localhost:4204/ROOT/example/secure' and
>>>>>> I just get 'Unauthorized!'. I don't understand why, I have login.config in
>>>>>> conf with PropertiesLogin, have my users.properties and group.properties in
>>>>>> conf also, and have the 'openejb.authentication.realmName=PropertiesLogin'
>>>>>> property in system.properties. As far as I understand this is pretty much
>>>>>> everything I have to do to get security working.
>>>>>>
>>>>>> What am I missing?
>>>>>>
>>>>>> Also can you please explain what you did here:
>>>>>> https://issues.apache.org/jira/browse/TOMEE-931
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Chris Christo
>>>>>>
>>>>>> Twitter: https://twitter.com/ChrisChristo7
>>>>>> Tumblr: http://chrischristo7.tumblr.com
>>>>>> LinkedIn: http://uk.linkedin.com/in/chrischristo
>>>>>>
>>>>>>
>>>>>> On 13 May 2013, at 19:07, Romain Manni-Bucau <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> FYI: https://issues.apache.org/jira/browse/TOMEE-931
>>>>>>>
>>>>>>> *Romain Manni-Bucau*
>>>>>>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
>>>>>>> *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/>
>>>>>>> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
>>>>>>> *Github: https://github.com/rmannibucau*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2013/5/13 Romain Manni-Bucau <[email protected]>
>>>>>>>
>>>>>>>> adding in system.properties
>>>>>>>>
>>>>>>>> openejb.jaxrs.providers.auto=true
>>>>>>>>
>>>>>>>> will make it work
>>>>>>>>
>>>>>>>> that said a correct packaging (IMO) would be a
>>>>>>>> META-INF/application.properties with the line:
>>>>>>>>
>>>>>>>> openejb.jaxrs.providers=example.EJBAccessExceptionMapper
>>>>>>>>
>>>>>>>> *Romain Manni-Bucau*
>>>>>>>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
>>>>>>>> *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/>
>>>>>>>> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau*
>>>>>>>> *Github: https://github.com/rmannibucau*
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2013/5/13 Chris.Christo <[email protected]>
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I'm trying to set up security access to my rest class.
>>>>>>>>>
>>>>>>>>> You can see below what I have set up. But basically I have a rest class
>>>>>>>>> with two methods, one annotated with @RolesAllowed and one not. I have a
>>>>>>>>> groups.properties file, a users.properties file, a login.config file and a
>>>>>>>>> system.properties file all within the conf/ folder within the server
>>>>>>>>> (OpenEJB standalone 4.6.0-SNAPSHOT) directory.
>>>>>>>>>
>>>>>>>>> I'm using the PropertiesLogin option with JAAS.
>>>>>>>>>
>>>>>>>>> I think I have everything set up correctly, but it doesn't seem to work.
>>>>>>>>> When I curl at localhost:4204/ROOT/example/insecure it works fine, but when
>>>>>>>>> I curl to localhost:4204/ROOT/example/secure (with the correct login
>>>>>>>>> credentials) I keep getting an unauthorised error.
>>>>>>>>>
>>>>>>>>> The other thing is that I have this exception mapper called
>>>>>>>>> 'EJBAccessExceptionMapper' which basically diverts an EJBAccessException to
>>>>>>>>> respond "Unauthorized!". I have added it to system.properties as
>>>>>>>>>
>>>>>>>>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper
>>>>>>>>>
>>>>>>>>> but it doesn't get picked up for some reason?? The server throws an
>>>>>>>>> exception rather than the simple message "Unauthorized!".
>>>>>>>>>
>>>>>>>>> I have attached an example maven project with the below files to
>>>>>>>>> illustrate the problem. There is also a deploy.sh file which kinda
>>>>>>>>> replicates what the maven-tomee-plugin does (but as a script and for the
>>>>>>>>> standalone server and not TomEE).
>>>>>>>>> It basically creates a copy of the
>>>>>>>>> OpenEJB standalone server within the target directory, copies the ROOT.jar
>>>>>>>>> (that is created from a mvn package) into apps and also copies over the
>>>>>>>>> src/main/openejb/conf files, and then finally it starts the server.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> So basically unzip and run 'mvn package' and then run 'sh deploy.sh'.
>>>>>>>>> (You must have done a mvn install on the tomee/assembly/openejb-standalone!
>>>>>>>>> prior to this!)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *example/ExampleRest.java*
>>>>>>>>> <!-- Begin File -->
>>>>>>>>> @Singleton
>>>>>>>>> @Path("/example")
>>>>>>>>> public class ExampleRest {
>>>>>>>>>
>>>>>>>>>     @GET
>>>>>>>>>     @Path(value = "/insecure")
>>>>>>>>>     public String insecure() {
>>>>>>>>>         return "pass";
>>>>>>>>>     }
>>>>>>>>>
>>>>>>>>>     @RolesAllowed("admin")
>>>>>>>>>     @GET
>>>>>>>>>     @Path(value = "/secure")
>>>>>>>>>     public String secure() {
>>>>>>>>>         return "pass";
>>>>>>>>>     }
>>>>>>>>> }
>>>>>>>>> <!-- End File -->
>>>>>>>>>
>>>>>>>>> *conf/groups.properties:*
>>>>>>>>> <!-- Begin File -->
>>>>>>>>> admin=john
>>>>>>>>> <!-- End File -->
>>>>>>>>>
>>>>>>>>> *conf/users.properties:*
>>>>>>>>> <!-- Begin File -->
>>>>>>>>> john=secret
>>>>>>>>> <!-- End File -->
>>>>>>>>>
>>>>>>>>> *conf/system.properties:*
>>>>>>>>> <!-- Begin File -->
>>>>>>>>> ...
>>>>>>>>> openejb.authentication.realmName=PropertiesLogin
>>>>>>>>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper
>>>>>>>>> ...
>>>>>>>>> <!-- End File -->
>>>>>>>>>
>>>>>>>>> *conf/login.config:*
>>>>>>>>> <!-- Begin File -->
>>>>>>>>> PropertiesLogin {
>>>>>>>>>     org.apache.openejb.core.security.jaas.PropertiesLoginModule required
>>>>>>>>>     Debug=true
>>>>>>>>>     UsersFile="users.properties"
>>>>>>>>>     GroupsFile="groups.properties";
>>>>>>>>> };
>>>>>>>>> <!-- End File -->
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Chris Christo
>>>>>>>>>
>>>>>>>>> Twitter: https://twitter.com/ChrisChristo7
>>>>>>>>> Tumblr: http://chrischristo7.tumblr.com
>>>>>>>>> LinkedIn: http://uk.linkedin.com/in/chrischristo
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>
>>
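
An added example, not part of the thread and not TomEE code: a Python check for the situation resolved in the top message (keys set under `cxf.*` while `cxf-rs.auth` was missing), which also cross-checks `users.properties` and `groups.properties` against the roles a resource requires. Assumptions: the properties are passed in as text, group members are comma-separated, the parser is a simplified one, and `parse_properties` and `audit` are hypothetical names.

```python
def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(system_text, users_text, groups_text, required_roles):
    """Return a list of findings; an empty list means the files agree."""
    system = parse_properties(system_text)
    users = parse_properties(users_text)
    # Assumption: group members are comma-separated user names.
    groups = {name: [m.strip() for m in value.split(",") if m.strip()]
              for name, value in parse_properties(groups_text).items()}
    findings = []
    # The key the thread identifies as the one REST endpoints needed.
    if system.get("cxf-rs.auth", "").upper() != "BASIC":
        found = sorted(k for k in system if k.startswith("cxf."))
        hint = f" (cxf.* keys found: {', '.join(found)})" if found else ""
        findings.append("cxf-rs.auth is not BASIC" + hint)
    for role in required_roles:
        if not groups.get(role):
            findings.append(f"role '{role}' has no members in groups.properties")
    for group, members in groups.items():
        for member in members:
            if member not in users:
                findings.append(
                    f"'{member}' in group '{group}' is missing from users.properties")
    return findings


# Constructed sample input, modelled on the files quoted in the thread.
BROKEN_SYSTEM = """\
openejb.authentication.realmName=PropertiesLogin
cxf.authMethod = BASIC
cxf.realmName = PropertiesLogin
"""
FIXED_SYSTEM = "cxf-rs.auth = BASIC\n"
USERS = "john=secret\n"
GROUPS = "admin=john\n"

if __name__ == "__main__":
    for label, text in (("before", BROKEN_SYSTEM), ("after", FIXED_SYSTEM)):
        print(label, audit(text, USERS, GROUPS, ["admin"]))
```
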
