Reputation: 1154
Working towards getting a Kerberos authenticated Web Service up and running and while Apache CXF seems to meet my requirements I'm struggling to get things started.
Hosting on Tomcat 7 and my super simple test service works but I can't figure out how to get CXF to provide security:
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
@Path("test")
public class ItemResource {
public ItemResource() {
}
@GET
@Produces("application/json")
public String getJson(@QueryParam("name") int test) {
return "test";
}
}
Web.xml
<servlet>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.container.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>net.example.test/param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
The documentation says I can protect the Rest service with the org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter but I'm unsure as to how to do this.
Any help would be appreciated.
Upvotes: 1
Views: 1001
Reputation: 2810
If you want to use CXF's KerberosAuthenticationFilter
you have to use CXF as JAX-RS implementation, instead of Jersey.
You can find out how to do that on CXF JAX-RS help pages or in this tutorial. First you have to remove all configuration from web.xml
because it is valid only for Jersey. Then follow the tutorial to create the service.
Finally you have to add mentioned KerberosAuthenticationFilter
to CXF spring configuration like in the cited documentation.
EDIT:
Because linked tutorial indeed does not run I fixed it. You can download it from my github project RestWithCXF.
You might also find useful samples in samples\jax_rs
of CXF distro.
Upvotes: 2