I am trying to setup a CXF + Spring + embedded jetty with basic authentication relying on JAAS and i am having problems to connect all pieces.
I want to use the CXF JAASLoginInterceptor that looks very easy to configure so my service definition in the ApplicationContext would look like
<jaxws:endpoint address="/soapService">
<jaxrs:serviceBeans>
<ref bean="serviceImpl" />
</jaxrs:serviceBeans>
<jaxws:inInterceptors>
<ref bean="authenticationInterceptor"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
<bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
<property name="contextName" value="jaasContext"/>
<property name="roleClassifier" value="ROLE_"/>
</bean>
As the doc states: "The JAAS authenticator is configured with the name of the JAAS login context (the one usually specified in the JAAS configuration resource which the server is aware of)"
How can i setup that "JAAS configuration resource" in the most basic way?
Thanks!
At the end it is very easy to do it. The only thing you need is place a file with login modules configuration on the classpath and set the system property "java.security.auth.login.config" pointing to that file.
e.g. a file to enable a property file based authentication:
jaasContext {
org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule optional
file="src/main/resources/credentials.props";
};
Note that the contextName in the CXF interceptor is same as in the jaas config file.