...

JAX-RS: Security

...


HTTPS

Transport-level protection of JAX-RS endpoints can be provided by the underlying Servlet container; see, for example, the Tomcat SSL Configuration section.

...

Code Block
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;

import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;

public class AuthenticationHandler implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        String authorization = requestContext.getHeaderString("Authorization");
        // no Authorization header at all: challenge the client
        if (authorization == null) {
            requestContext.abortWith(createFaultResponse());
            return;
        }
        String[] parts = authorization.split(" ");
        if (parts.length != 2 || !"Basic".equals(parts[0])) {
            requestContext.abortWith(createFaultResponse());
            return;
        }

        String decodedValue = null;
        try {
            decodedValue = new String(Base64Utility.decode(parts[1]), StandardCharsets.UTF_8);
        } catch (Base64Exception ex) {
            requestContext.abortWith(createFaultResponse());
            return;
        }
        // split on the first ':' only, so a password containing ':' is preserved
        String[] namePassword = decodedValue.split(":", 2);
        if (namePassword.length != 2) {
            requestContext.abortWith(createFaultResponse());
            return;
        }
        if (isAuthenticated(namePassword[0], namePassword[1])) {
            // let the request continue
        } else {
            // authentication failed: request authentication, adding the realm name to WWW-Authenticate if needed
            requestContext.abortWith(Response.status(401).header("WWW-Authenticate", "Basic").build());
        }
    }

    private Response createFaultResponse() {
        return Response.status(401).header("WWW-Authenticate", "Basic realm=\"service.com\"").build();
    }

    private boolean isAuthenticated(String name, String password) {
        // application-specific: verify the credentials against your own user store;
        // placeholder body so the class compiles
        return false;
    }
}

...

Code Block
grant codeBase "file:${catalina.home}/webapps/yourwebapp/lib/cxf.jar" {
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

Advanced Security

...

Securing JAX-RS messages

CXF provides a number of different ways to secure JAX-RS messages:

  • XML messages can be secured via XML Signature and XML Encryption. See JAX-RS XML Security for more information.
  • Messages can be signed and/or encrypted using JOSE. In addition, authentication and authorization can be achieved using JSON Web Tokens. See JAX-RS JOSE for more information.
  • Security claims can be conveyed via SAML assertions. See JAX-RS SAML for more information.
  • Messages can be signed via HTTP Signature. See JAX-RS HTTP Signature for more information.

OAuth 2.0 / OpenID Connect

CXF supports both OAuth 2.0 and OpenID Connect:

Restricting large payloads

...