not sure it would have worked before but it was clearly not consistent with cxf module (yes for soap only) so now both takes almost the same config, that's better
*Romain Manni-Bucau* *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* *Github: https://github.com/rmannibucau* 2013/5/14 Chris.Christo <[email protected]> > omg, I figured it out…. > > The only thing I ever needed was 'cxf-rs.auth = BASIC' > > Notice the '-rs' part! I was only adding properties to cxf and not cxf-rs! > > I wonder if I had just added that to begin with before you did any fixes > etc, this would have worked!? > > > So basically I don't even need any of the following: > > openejb.authentication.realmName=PropertiesLogin // don't need this as > this is default I think..? > java.security.auth.login.config=login.config // Don't need this as this is > default > cxf.authMethod = BASIC // for SOAP security not REST I think ?? > cxf.realmName = PropertiesLogin // default I think > > I'm guessing the cxf.* are for web services (SOAP)? > > > This really needs to be documented somewhere, I have read the tomee site > and gone through lots of examples in the code and I didn't find anything > like this. > > Regardless, I'll write a detailed blog post on how to get security working > with rest to hopefully save some other poor soul some time. > > Now, on to the SQLoginModule (as this is really what I need!) > > > Thanks Romain for all your time, I really do appreciate it. > > > Chris Christo > > Twitter: https://twitter.com/ChrisChristo7 > Tumblr: http://chrischristo7.tumblr.com > LinkedIn: http://uk.linkedin.com/in/chrischristo > > On 14 May 2013, at 12:56, Romain Manni-Bucau <[email protected]> > wrote: > > > there was another jira this morning so i guess you are just on an old > > version ;) > > > > *Romain Manni-Bucau* > > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > > *Blog: **http://rmannibucau.wordpress.com/*< > http://rmannibucau.wordpress.com/> > > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > > *Github: https://github.com/rmannibucau* > > > > > > > > 2013/5/14 Chris.Christo <[email protected]> > > > >> So what exactly did you do? > >> > >> So at first it wasn't working for you? but then you added authMethod = > >> basic to cxf.properties and it worked for you? > >> > >> As far as I understood, the Jira issue fixed just the configuration for > >> the cxf.providers? > >> > >> > >> Chris Christo > >> > >> Twitter: https://twitter.com/ChrisChristo7 > >> Tumblr: http://chrischristo7.tumblr.com > >> LinkedIn: http://uk.linkedin.com/in/chrischristo > >> > >> On 14 May 2013, at 12:36, Romain Manni-Bucau <[email protected]> > >> wrote: > >> > >>> was working this morning, maybe you got a too old snapshot > >>> > >>> *Romain Manni-Bucau* > >>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > >>> *Blog: **http://rmannibucau.wordpress.com/*< > >> http://rmannibucau.wordpress.com/> > >>> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > >>> *Github: https://github.com/rmannibucau* > >>> > >>> > >>> > >>> 2013/5/14 Chris.Christo <[email protected]> > >>> > >>>> Thanks for the clarification on the JIRA issue. > >>>> > >>>> ok so I added the following properties to cxf.properties > >>>> > >>>> authMethod = BASIC > >>>> realmName = PropertiesLogin > >>>> > >>>> but still no luck. > >>>> > >>>> We are dealing with a hello world example pretty much and its so > >>>> frustrating not being able to get this to work. :( > >>>> > >>>> > >>>> > >>>> Chris Christo > >>>> > >>>> Twitter: https://twitter.com/ChrisChristo7 > >>>> Tumblr: http://chrischristo7.tumblr.com > >>>> LinkedIn: http://uk.linkedin.com/in/chrischristo > >>>> > >>>> On 14 May 2013, at 06:02, Romain Manni-Bucau <[email protected]> > >>>> wrote: > >>>> > >>>>> Jira is to ensure your original config would always work (was the > case > >>>>> under some conditions) > >>>>> > >>>>> Btw do you use authMethod=basic in conf/conf.d/cxf.properties? > >>>>> Le 14 mai 2013 00:43, "Chris.Christo" <[email protected]> a > >> écrit : > >>>>> > >>>>>> Hi Romain, > >>>>>> > >>>>>> > >>>>>> Ok yeah adding that property solved the exception mapper issue, > thanks > >>>> for > >>>>>> that! > >>>>>> > >>>>>> Yeah from an architectural point of view, I would agree that it does > >>>> make > >>>>>> more sense to define your providers for each app in each of their > own > >>>>>> META-INF/application.properties. > >>>>>> > >>>>>> However I still can't get authorized. > >>>>>> > >>>>>> I try 'curl -G http://john:secret@localhost > :4204/ROOT/example/secure' > >>>> and > >>>>>> I just get 'Unauthorized!'. I don't understand why, I have > >> login.config > >>>> in > >>>>>> conf with PropertiesLogin, have my users.properties and > >>>> group.properties in > >>>>>> conf also, and have the > >>>> 'openejb.authentication.realmName=PropertiesLogin' > >>>>>> property in system.properties. As far as I understand this is pretty > >>>> much > >>>>>> everything I have to do to get security working. > >>>>>> > >>>>>> What am I missing? > >>>>>> > >>>>>> Also can you please explain what you did here: > >>>>>> https://issues.apache.org/jira/browse/TOMEE-931 > >>>>>> > >>>>>> > >>>>>> Thanks, > >>>>>> > >>>>>> Chris Christo > >>>>>> > >>>>>> Twitter: https://twitter.com/ChrisChristo7 > >>>>>> Tumblr: http://chrischristo7.tumblr.com > >>>>>> LinkedIn: http://uk.linkedin.com/in/chrischristo > >>>>>> > >>>>>> > >>>>>> On 13 May 2013, at 19:07, Romain Manni-Bucau <[email protected] > > > >>>>>> wrote: > >>>>>> > >>>>>>> FYI: https://issues.apache.org/jira/browse/TOMEE-931 > >>>>>>> > >>>>>>> *Romain Manni-Bucau* > >>>>>>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > >>>>>>> *Blog: **http://rmannibucau.wordpress.com/*< > >>>>>> http://rmannibucau.wordpress.com/> > >>>>>>> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > >>>>>>> *Github: https://github.com/rmannibucau* > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> 2013/5/13 Romain Manni-Bucau <[email protected]> > >>>>>>> > >>>>>>>> adding in system.properties > >>>>>>>> > >>>>>>>> openejb.jaxrs.providers.auto=true > >>>>>>>> > >>>>>>>> will make it work > >>>>>>>> > >>>>>>>> that said a correct packaging (IMO) would be a > >>>>>>>> META-INF/application.properties with the line: > >>>>>>>> > >>>>>>>> openejb.jaxrs.providers=example.EJBAccessExceptionMapper > >>>>>>>> > >>>>>>>> *Romain Manni-Bucau* > >>>>>>>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > >>>>>>>> *Blog: **http://rmannibucau.wordpress.com/*< > >>>>>> http://rmannibucau.wordpress.com/> > >>>>>>>> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > >>>>>>>> *Github: https://github.com/rmannibucau* > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> 2013/5/13 Chris.Christo <[email protected]> > >>>>>>>> > >>>>>>>>> Hi, > >>>>>>>>> > >>>>>>>>> I'm trying to setup security access to my rest class. > >>>>>>>>> > >>>>>>>>> You can see below what I have setup. But basically I have a rest > >>>> class > >>>>>>>>> with two methods, one annotated with @RolesAllowed and one not. I > >>>> have > >>>>>> a > >>>>>>>>> groups.properties file, a users.properties file, a login.config > >> file > >>>>>> and a > >>>>>>>>> system.properties file all within the conf/ folder within the > >> server > >>>>>>>>> (OpenEJB standalone 4.6.0-SNAPSHOT) directory. > >>>>>>>>> > >>>>>>>>> I'm using the PropertiesLogin option with JAAS. > >>>>>>>>> > >>>>>>>>> I think I have everything setup correctly, but it doesn't seem to > >>>> work. > >>>>>>>>> When I curl at localhost:4204/ROOT/example/insecure it works > fine, > >>>> but > >>>>>> when > >>>>>>>>> I curl to localhost:4204/ROOT/example/secure (with the correct > >> login > >>>>>>>>> credentials) I keep getting an unauthorised error. > >>>>>>>>> > >>>>>>>>> The other thing is that I have this exception mapper called > >>>>>>>>> 'EJBAccessExceptionMapper' which basically diverts an > >>>>>> EJBAccessException to > >>>>>>>>> respond "Unauthorized!". I have added it to system.properties as > >>>>>>>>> > >>>>>>>>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper > >>>>>>>>> > >>>>>>>>> but it doesn't get picked up for some reason?? The server throws > an > >>>>>>>>> exception rather than the simple message "Unauthorized!". > >>>>>>>>> > >>>>>>>>> I have attached an example maven project with the below files to > >>>>>>>>> illustrate the problem. There is also a deploy.sh file which > kinda > >>>>>>>>> replicates what the maven-tomee-plugin does (but as a script and > >> for > >>>>>> the > >>>>>>>>> standalone server and not TomEE). It basically creates a copy of > >> the > >>>>>>>>> OpenEJB standalone server within the target directory, copies the > >>>>>> ROOT.jar > >>>>>>>>> (that is created from a mvn package) into apps and also copies > over > >>>> the > >>>>>>>>> src/main/openejb/conf files, and then finally it starts the > server. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> So basically unzip and run 'mvn package' and then run 'sh > >> deploy.sh'. > >>>>>>>>> (You must have done a mvn install on the > >>>>>> tomee/assembly/openejb-standalone! > >>>>>>>>> prior to this!) > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> *example/ExampleRest.java* > >>>>>>>>> <!-- Begin File --> > >>>>>>>>> @Singleton > >>>>>>>>> @Path("/example") > >>>>>>>>> public class ExampleRest { > >>>>>>>>> > >>>>>>>>> @GET > >>>>>>>>> @Path(value = "/insecure") > >>>>>>>>> public String insecure() { > >>>>>>>>> return "pass"; > >>>>>>>>> } > >>>>>>>>> > >>>>>>>>> @RolesAllowed("admin") > >>>>>>>>> @GET > >>>>>>>>> @Path(value = "/secure") > >>>>>>>>> public String secure() { > >>>>>>>>> return "pass"; > >>>>>>>>> } > >>>>>>>>> } > >>>>>>>>> <!-- End File --> > >>>>>>>>> > >>>>>>>>> *conf/groups.properties:* > >>>>>>>>> <!-- Begin File --> > >>>>>>>>> admin=john > >>>>>>>>> <!-- End File --> > >>>>>>>>> > >>>>>>>>> *conf/users.properties:* > >>>>>>>>> <!-- Begin File --> > >>>>>>>>> john=secret > >>>>>>>>> <!-- End File --> > >>>>>>>>> > >>>>>>>>> *conf/system.properties:* > >>>>>>>>> <!-- Begin File --> > >>>>>>>>> ... > >>>>>>>>> openejb.authentication.realmName=PropertiesLogin > >>>>>>>>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper > >>>>>>>>> ... > >>>>>>>>> <!-- End File --> > >>>>>>>>> > >>>>>>>>> *conf/login.config:* > >>>>>>>>> <!-- Begin File --> > >>>>>>>>> PropertiesLogin { > >>>>>>>>> org.apache.openejb.core.security.jaas.PropertiesLoginModule > >>>> required > >>>>>>>>> Debug=true > >>>>>>>>> UsersFile="users.properties" > >>>>>>>>> GroupsFile="groups.properties"; > >>>>>>>>> }; > >>>>>>>>> <!-- End File --> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> Chris Christo > >>>>>>>>> > >>>>>>>>> Twitter: https://twitter.com/ChrisChristo7 > >>>>>>>>> Tumblr: http://chrischristo7.tumblr.com > >>>>>>>>> LinkedIn: http://uk.linkedin.com/in/chrischristo > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>>>>> > >>>>>> > >>>> > >>>> > >> > >> > >
