Apache CXF - JAX-RS Security

Question

Working towards getting a Kerberos authenticated Web Service up and running and while Apache CXF seems to meet my requirements I'm struggling to get things started.

Hosting on Tomcat 7 and my super simple test service works but I can't figure out how to get CXF to provide security:

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;

    @Path("test")
    public class ItemResource {

        public ItemResource() {
        }


        @GET
        @Produces("application/json")
        public String getJson(@QueryParam("name") int test) {

            return "test";

        }
    }

Web.xml

    
            
                com.sun.jersey.api.json.POJOMappingFeature
                true
            
    jersey-serlvet
    
                 com.sun.jersey.spi.container.servlet.ServletContainer
            
    
         com.sun.jersey.config.property.packages
         net.example.test/param-value>
    
    1

The documentation says I can protect the Rest service with the org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter but I'm unsure as to how to do this.

Any help would be appreciated.

Dawid Pytel · Accepted Answer

If you want to use CXF's KerberosAuthenticationFilter you have to use CXF as JAX-RS implementation, instead of Jersey.

You can find out how to do that on CXF JAX-RS help pages or in this tutorial. First you have to remove all configuration from web.xml because it is valid only for Jersey. Then follow the tutorial to create the service.

Finally you have to add mentioned KerberosAuthenticationFilter to CXF spring configuration like in the cited documentation.

EDIT:

Because linked tutorial indeed does not run I fixed it. You can download it from my github project RestWithCXF.

You might also find useful samples in samples\jax_rs of CXF distro.

Apache CXF - JAX-RS Security

Answers (1)

Related Questions