...
JAX-RS: Security
...
HTTPS
Transport-level protection of JAX-RS endpoints can be managed by the underlying Servlet container; for example, see the Tomcat SSL Configuration section.
...
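```java
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;

// isAuthenticated(name, password) is the application's own credential check (not shown)
public class AuthenticationHandler implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        String authorization = requestContext.getHeaderString("Authorization");
        // a missing header must produce a 401 challenge, not a NullPointerException
        String[] parts = authorization == null ? new String[0] : authorization.split(" ");
        if (parts.length != 2 || !"Basic".equals(parts[0])) {
            requestContext.abortWith(createFaultResponse());
            return;
        }

        String decodedValue = null;
        try {
            decodedValue = new String(Base64Utility.decode(parts[1]));
        } catch (Base64Exception ex) {
            requestContext.abortWith(createFaultResponse());
            return;
        }
        // split on the first colon only: the password itself may contain ':'
        String[] namePassword = decodedValue.split(":", 2);
        if (namePassword.length != 2) {
            requestContext.abortWith(createFaultResponse());
            return;
        }
        if (isAuthenticated(namePassword[0], namePassword[1])) {
            // let the request continue
        } else {
            // authentication failed, request the authentication, add the realm name if needed to the value of WWW-Authenticate
            requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
        }
    }

    private Response createFaultResponse() {
        return Response.status(401).header("WWW-Authenticate", "Basic realm=\"service.com\"").build();
    }
}
```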
...
```
grant codeBase "file:${catalina.home}/webapps/yourwebapp/lib/cxf.jar" {
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
```
Advanced Security
...
Securing JAX-RS messages
CXF provides a number of different ways to secure JAX-RS messages:
- XML messages can be secured via XML Signature and XML Encryption. See JAX-RS XML Security for more information.
- Messages can be signed and/or encrypted using JOSE. In addition, authentication and authorization can be achieved using JSON Web Tokens. See JAX-RS JOSE for more information.
- Security claims can be conveyed via SAML assertions. See JAX-RS SAML for more information.
- Messages can be signed via HTTP Signature. See JAX-RS HTTP Signature for more information.
OAuth 2.0 / OpenId Connect.
CXF supports both OAuth 2.0 and OpenId Connect:
- See JAX-RS OAuth2 for information about OAuth 2.0.
- See JAX-RS OIDC for information about OpenId Connect.
Restricting large payloads
...