HTTP Basic Authentication with Apache CXF Revisited

August 13, 2008 chris 7 comments

I receive a lot of traffic to my post about HTTP Basic Authentication in Apache CXF. I decided to do a followup to that post to address some of the comments.

I have never tried to use this with Mule but if someone has, please let me know so I can update this post.

I have uploaded the Java code for the BasicAuthAuthorizationInterceptor class. There are a few changes over the original version. This one includes a Map of authorized users and their corresponding passwords. I believe the original example I created was for Apache CXF 2.0. This version works with Apache CXF 2.1.1.

In the original post, I also did not include a sample of how to use this code in a real application. The following section shows a sample of how to define the security interceptor and enable it on a simple endpoint.


<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <bean id="securityInterceptor" class="BasicAuthAuthorizationInterceptor">
      <property name="users">
        <map>
          <entry key="username" value="password"/>
        </map>
      </property>
    </bean>

    <bean id="service" class="sample.Service"/>

    <jaxws:endpoint
      id="serviceEndpoint"
      implementor="#service"
      address="${services.url}/Service">
      <jaxws:inInterceptors>
        <ref bean="securityInterceptor"/>
      </jaxws:inInterceptors>
    </jaxws:endpoint>
</beans>

Java CXF, HTTP, Java, Web Services

Edit in Admin

Comments

Written by anand about 2 years ago.

Hello Chris,
The interceptor works like a breeze.
Thanks for that..
I was wondering if you had a sample client code to share that calls the web service interceptor with the required parameters..?

Thanks,
Written by chris about 2 years ago.

I do not actually call this service using CXF. Another application consumes this web service. I do make use of it in unit tests though. Here is a snippet of what you need to do basic authentication with CXF on the client side:

BindingProvider port = service.getPort(clas)
port.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, “user”)
port.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, “password”)
Written by Uri about 1 year ago.

Hello,

Everything works OK, if the supplied username/password are correct. But when they are incorrect, I get
org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader. ..... Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog at [row,col {unknown-source}]: [1,0] at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:686) at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2134) at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2040) at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069) at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1095) at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:85)
Written by Matt Mendrala about 1 year ago.

You will get an exception if the credentials are not base64 encoded as well. I wonder if that’s what you are seeing.
Written by Dennis Vredeveld about 1 year ago.

Could it be that the exception above is being caused by the client that tries to parse the response as an SOAP response. Clearly, an “HTTP/1.1 401 Unauthorized…” will not be parsed as XML.
Written by Nuno about 1 year ago.

There is a minor bug in this code, you should replace “Content-Length” with “Content-length”, otherwise you will get the error above reported by Uri.
Written by Scott about 1 year ago.

What is the context of the following code?

BindingProvider port = service.getPort(clas)
port.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, “user”);
port.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, “password”);

I haven’t been able to find where to put this.
What is “service” and what is “clas”?

Thanks!

Comment Pages:

Coding Clarity

HTTP Basic Authentication with Apache CXF Revisited

Comments

Recent Posts

Categories

Archives

Tags

Blogs I read

Categories

Meta