

Basic authorization for REST

package com.company.auth.service;

import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.util.Arrays;
import java.util.Map;

import org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

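/**
 * CXF inbound interceptor that enforces HTTP Basic authentication.
 *
 * <p>The credentials CXF parsed into the message's {@link AuthorizationPolicy} are handed to the
 * configured {@link AuthenticationProvider}. On success the resulting {@link Authentication} is
 * stored in the {@link SecurityContextHolder}; in every other case the interceptor chain is
 * aborted and an HTTP 401 with a {@code WWW-Authenticate} challenge is sent.
 *
 * <p>Basic credentials are only base64-encoded on the wire, so the endpoint should be exposed
 * over TLS only.
 *
 * <p>NOTE(review): nothing in this class clears the security context once a successfully
 * authenticated request has completed. On pooled threads, confirm that another component (an
 * outbound interceptor or a servlet filter) does so.
 */
public class BasicAuthAuthorizationInterceptor extends SoapHeaderInterceptor
{
	private static final java.util.logging.Logger	LOG	= java.util.logging.Logger
			.getLogger(BasicAuthAuthorizationInterceptor.class.getName());

	AuthenticationProvider	authenticationProvider;

	/**
	 * Injects the provider that validates the username/password pair.
	 *
	 * @param authenticationProvider provider used by {@link #handleMessage(Message)}
	 */
	public void setAuthenticationProvider(final AuthenticationProvider authenticationProvider)
	{
		this.authenticationProvider = authenticationProvider;
	}

	/**
	 * Authenticates the caller of the given inbound message.
	 *
	 * <p>The request is rejected with HTTP 401 when no credentials are present, when the provider
	 * returns {@code null} (its contract allows that for unsupported tokens) or when it returns a
	 * token that is not marked as authenticated. Only an authenticated token is placed in the
	 * security context.
	 *
	 * @param message inbound CXF message
	 * @throws Fault declared by the interceptor contract
	 * @throws RuntimeException whatever the provider throws, rethrown after the 401 has been sent
	 */
	@Override
	public void handleMessage(final Message message) throws Fault
	{
		try
		{
			final AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
			if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
			{
				rejectUnauthenticated(message);
				return;
			}
			if (authenticationProvider == null)
			{
				// Misconfiguration must fail closed; handled by the catch block below.
				throw new IllegalStateException("authenticationProvider has not been set");
			}

			final Authentication authentication = authenticationProvider
					.authenticate(new UsernamePasswordAuthenticationToken(policy.getUserName(),
							policy.getPassword()));

			// Fail closed: a null or unauthenticated result must never let the chain continue.
			if (authentication == null || !authentication.isAuthenticated())
			{
				rejectUnauthenticated(message);
				return;
			}
			SecurityContextHolder.getContext().setAuthentication(authentication);
		}
		catch (final RuntimeException ex)
		{
			rejectUnauthenticated(message);
			throw ex;
		}
	}

	/**
	 * Drops any authentication bound to the current thread and answers with HTTP 401.
	 *
	 * @param message inbound message being rejected
	 */
	private void rejectUnauthenticated(final Message message)
	{
		// A reused worker thread must not keep an identity from an earlier request.
		SecurityContextHolder.clearContext();
		sendErrorResponse(message, HttpURLConnection.HTTP_UNAUTHORIZED);
	}

	/**
	 * Aborts the interceptor chain and writes an empty response with the given status code and a
	 * Basic challenge.
	 *
	 * @param message inbound message being rejected
	 * @param responseCode HTTP status code to send
	 */
	private void sendErrorResponse(final Message message, final int responseCode)
	{
		final Message outMessage = getOutMessage(message);
		outMessage.put(Message.RESPONSE_CODE, responseCode);

		// getOutMessage() copies every inbound property, including the request's header map.
		// Use a fresh map so request headers (Authorization among them) are not offered to the
		// transport as response headers, and so the challenge is set even when the inbound
		// message carried no header map.
		final Map<String, Object> responseHeaders = new java.util.HashMap<String, Object>();
		responseHeaders.put("WWW-Authenticate", Arrays.asList("Basic realm=realm"));
		responseHeaders.put("Content-Length", Arrays.asList("0"));
		outMessage.put(Message.PROTOCOL_HEADERS, responseHeaders);

		message.getInterceptorChain().abort();
		try
		{
			getConduit(message).prepare(outMessage);
			close(outMessage);
		}
		catch (final IOException e)
		{
			// The chain is already aborted, so the request is not processed; record the failure.
			LOG.log(java.util.logging.Level.WARNING, "Could not send HTTP " + responseCode
					+ " response", e);
		}
	}

	/**
	 * Returns the exchange's outbound message, creating it from the endpoint binding when absent,
	 * and copies all properties of the inbound message into it.
	 *
	 * @param inMessage inbound message
	 * @return outbound message registered on the exchange
	 */
	private Message getOutMessage(final Message inMessage)
	{
		final Exchange exchange = inMessage.getExchange();
		Message outMessage = exchange.getOutMessage();
		if (outMessage == null)
		{
			final Endpoint endpoint = exchange.get(Endpoint.class);
			outMessage = endpoint.getBinding().createMessage();
			exchange.setOutMessage(outMessage);
		}
		outMessage.putAll(inMessage);
		return outMessage;
	}

	/**
	 * Obtains the back channel for the inbound message and registers it on the exchange.
	 *
	 * @param inMessage inbound message
	 * @return conduit used to send the response
	 * @throws IOException if the back channel cannot be obtained
	 */
	private Conduit getConduit(final Message inMessage) throws IOException
	{
		final Exchange exchange = inMessage.getExchange();
		final EndpointReferenceType target = exchange.get(EndpointReferenceType.class);
		final Conduit conduit = exchange.getDestination().getBackChannel(inMessage, null, target);
		exchange.setConduit(conduit);
		return conduit;
	}

	/**
	 * Flushes and closes the outbound message's output stream, if it has one.
	 *
	 * @param outMessage outbound message
	 * @throws IOException if flushing or closing fails
	 */
	private void close(final Message outMessage) throws IOException
	{
		final OutputStream os = outMessage.getContent(OutputStream.class);
		if (os == null)
		{
			return;
		}
		try
		{
			os.flush();
		}
		finally
		{
			os.close();
		}
	}

}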
package com.company.auth.service;

import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.util.Arrays;
import java.util.Map;

import org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

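/**
 * CXF inbound interceptor that enforces HTTP Basic authentication.
 *
 * <p>The credentials CXF parsed into the message's {@link AuthorizationPolicy} are handed to the
 * configured {@link AuthenticationProvider}. On success the resulting {@link Authentication} is
 * stored in the {@link SecurityContextHolder}; in every other case the interceptor chain is
 * aborted and an HTTP 401 with a {@code WWW-Authenticate} challenge is sent.
 *
 * <p>Basic credentials are only base64-encoded on the wire, so the endpoint should be exposed
 * over TLS only.
 *
 * <p>NOTE(review): nothing in this class clears the security context once a successfully
 * authenticated request has completed. On pooled threads, confirm that another component (an
 * outbound interceptor or a servlet filter) does so.
 */
public class BasicAuthAuthorizationInterceptor extends SoapHeaderInterceptor
{
    private static final java.util.logging.Logger LOG = java.util.logging.Logger
            .getLogger(BasicAuthAuthorizationInterceptor.class.getName());

    AuthenticationProvider authenticationProvider;

    /**
     * Injects the provider that validates the username/password pair.
     *
     * @param authenticationProvider provider used by {@link #handleMessage(Message)}
     */
    public void setAuthenticationProvider(final AuthenticationProvider authenticationProvider)
    {
        this.authenticationProvider = authenticationProvider;
    }

    /**
     * Authenticates the caller of the given inbound message.
     *
     * <p>The request is rejected with HTTP 401 when no credentials are present, when the provider
     * returns {@code null} (its contract allows that for unsupported tokens) or when it returns a
     * token that is not marked as authenticated. Only an authenticated token is placed in the
     * security context.
     *
     * @param message inbound CXF message
     * @throws Fault declared by the interceptor contract
     * @throws RuntimeException whatever the provider throws, rethrown after the 401 has been sent
     */
    @Override
    public void handleMessage(final Message message) throws Fault
    {
        try
        {
            final AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
            if (policy == null || policy.getUserName() == null || policy.getPassword() == null)
            {
                rejectUnauthenticated(message);
                return;
            }
            if (authenticationProvider == null)
            {
                // Misconfiguration must fail closed; handled by the catch block below.
                throw new IllegalStateException("authenticationProvider has not been set");
            }

            final Authentication authentication = authenticationProvider
                    .authenticate(new UsernamePasswordAuthenticationToken(policy.getUserName(),
                            policy.getPassword()));

            // Fail closed: a null or unauthenticated result must never let the chain continue.
            if (authentication == null || !authentication.isAuthenticated())
            {
                rejectUnauthenticated(message);
                return;
            }
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        catch (final RuntimeException ex)
        {
            rejectUnauthenticated(message);
            throw ex;
        }
    }

    /**
     * Drops any authentication bound to the current thread and answers with HTTP 401.
     *
     * @param message inbound message being rejected
     */
    private void rejectUnauthenticated(final Message message)
    {
        // A reused worker thread must not keep an identity from an earlier request.
        SecurityContextHolder.clearContext();
        sendErrorResponse(message, HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    /**
     * Aborts the interceptor chain and writes an empty response with the given status code and a
     * Basic challenge.
     *
     * @param message inbound message being rejected
     * @param responseCode HTTP status code to send
     */
    private void sendErrorResponse(final Message message, final int responseCode)
    {
        final Message outMessage = getOutMessage(message);
        outMessage.put(Message.RESPONSE_CODE, responseCode);

        // getOutMessage() copies every inbound property, including the request's header map.
        // Use a fresh map so request headers (Authorization among them) are not offered to the
        // transport as response headers, and so the challenge is set even when the inbound
        // message carried no header map.
        final Map<String, Object> responseHeaders = new java.util.HashMap<String, Object>();
        responseHeaders.put("WWW-Authenticate", Arrays.asList("Basic realm=realm"));
        responseHeaders.put("Content-Length", Arrays.asList("0"));
        outMessage.put(Message.PROTOCOL_HEADERS, responseHeaders);

        message.getInterceptorChain().abort();
        try
        {
            getConduit(message).prepare(outMessage);
            close(outMessage);
        }
        catch (final IOException e)
        {
            // The chain is already aborted, so the request is not processed; record the failure.
            LOG.log(java.util.logging.Level.WARNING, "Could not send HTTP " + responseCode
                    + " response", e);
        }
    }

    /**
     * Returns the exchange's outbound message, creating it from the endpoint binding when absent,
     * and copies all properties of the inbound message into it.
     *
     * @param inMessage inbound message
     * @return outbound message registered on the exchange
     */
    private Message getOutMessage(final Message inMessage)
    {
        final Exchange exchange = inMessage.getExchange();
        Message outMessage = exchange.getOutMessage();
        if (outMessage == null)
        {
            final Endpoint endpoint = exchange.get(Endpoint.class);
            outMessage = endpoint.getBinding().createMessage();
            exchange.setOutMessage(outMessage);
        }
        outMessage.putAll(inMessage);
        return outMessage;
    }

    /**
     * Obtains the back channel for the inbound message and registers it on the exchange.
     *
     * @param inMessage inbound message
     * @return conduit used to send the response
     * @throws IOException if the back channel cannot be obtained
     */
    private Conduit getConduit(final Message inMessage) throws IOException
    {
        final Exchange exchange = inMessage.getExchange();
        final EndpointReferenceType target = exchange.get(EndpointReferenceType.class);
        final Conduit conduit = exchange.getDestination().getBackChannel(inMessage, null, target);
        exchange.setConduit(conduit);
        return conduit;
    }

    /**
     * Flushes and closes the outbound message's output stream, if it has one.
     *
     * @param outMessage outbound message
     * @throws IOException if flushing or closing fails
     */
    private void close(final Message outMessage) throws IOException
    {
        final OutputStream os = outMessage.getContent(OutputStream.class);
        if (os == null)
        {
            return;
        }
        try
        {
            os.flush();
        }
        finally
        {
            os.close();
        }
    }

}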


2 Responses


  1. li says

    It doesn’t work on WebSphere 6.1.

  2. Gennadiy Bukhmatov says

    Can you be more specific about the configuration you have?
