Hi, I am redirecting the question into user list, if you don't mind.
I think OAuth 2.0 client credentials could be elegant solution for this case (https://cxf.apache.org/docs/jax-rs-oauth2.html). You will be able to authenticate client first time with HTTP basic credentials against OAuth Authentication Service (authentication can be JAAS based) and issue AccessToken (and RefreshToken). For further call Resource Service will validate AccessToken and you don't need to send HTTP basic credentials anymore. Second option is using SAML authentication token and STS with JAAS extension, but this is more involved (https://cxf.apache.org/docs/jax-rs-saml.html ). Does it make sense for you? Regards, Andrei. > -----Original Message----- > From: Honey Goyal [mailto:er.honey2...@gmail.com] > Sent: Donnerstag, 10. April 2014 10:06 > To: dev@cxf.apache.org > Subject: Secure CXF rsServer with Jaas authentication > > Hi, > > I am newbie to CXF. I have configured CXF JAASAuthenticationFilter to > authenticate by jaas realm to each rest call. But each time i had to pass > Basic > Authenticate header to authenticate it. Can i configure any token based login > along with JAAS? So that only first time it authenticate with jaas and return > any > auth token. Next time only i need that auth token to make call from client > side. > > This is my working blueprint > > <?xml version="1.0" encoding="UTF-8"?> > <blueprint > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"; > xmlns:camel="http://camel.apache.org/schema/blueprint"; > xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"; > xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"; > xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs"; > xsi:schemaLocation=" > http://www.osgi.org/xmlns/blueprint/v1.0.0 > http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd > http://camel.apache.org/schema/blueprint/cxf > http://camel.apache.org/schema/blueprint/cxf/camel-cxf.xsd > http://cxf.apache.org/blueprint/jaxrs > http://cxf.apache.org/schemas/blueprint/jaxrs.xsd > http://camel.apache.org/schema/blueprint > http://camel.apache.org/schema/blueprint/camel-blueprint.xsd"; > > > <cm:property-placeholder persistent-id="com.xxxx.cp.securitytoken"> > <cm:default-properties> > <cm:property name="myapp.api.url" > value="http://localhost:80/v1"; /> > </cm:default-properties> > </cm:property-placeholder> > > <cxf:rsServer id="rsServer" address="/security" > serviceClass="com.xxxx.cp.securitytoken.SecurityTokenServiceImpl"> > <cxf:providers> > <ref component-id="authorizationFilter"/> > </cxf:providers> > </cxf:rsServer> > > < bean id="authorizationFilter" > class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter"> > Name of the JAAS Context > <property name="contextName" value="myRealm"/> > </bean> > > <camelContext xmlns="http://camel.apache.org/schema/blueprint"; > id="security"> > <route> > <from uri="cxfrs://bean://rsServer"/> > <to uri="{{myapp.api.url}}?bridgeEndpoint=true" /> > </route> > </camelContext> > > </blueprint> > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/Secure-CXF- > rsServer-with-Jaas-authentication-tp5742659.html > Sent from the cxf-dev mailing list archive at Nabble.com.
