Apply HTTP basic authentication to jax ws (HttpSpiContextHandler) in embedded Jetty

StackOverflow https://stackoverflow.com/questions/22980905

Question

There are some similar questions for earlier versions of Jetty (pre 9) but none that address this specific problem :

Server server = new Server();
System.setProperty("com.sun.net.httpserver.HttpServerProvider",
     JettyHttpServerProvider.class.getName()); 
JettyHttpServer jettyServer = new JettyHttpServer(server, true);
Endpoint endpoint = Endpoint.create(new SOAPService()); // this class to handle all ws requests
endpoint.publish(jettyServer.createContext("/service")); // access by path
server.start()

Simplified code example above to show the only way that I have found to bridge between Jetty and incoming soap requests to my jax-ws service. All settings are in code with no web.xml, this is part of a larger solution that has multiple contexts and connections for different purposes (servlets etc..)

I have tried to add a handler class to the jettyServer.createContext("/service",new handler()) to see if I can perform a header extraction to simulate basic auth but it never gets executed.

My problem is that i cannot find a way to specify, by code against the Jetty server, to use basic authentication. Using the setSecurityHandler method of a ServletContextHandler is easy and works great for other contexts, i just can't figure out how to use this concept for the jax-ws service. Any help would be much appreciated.

p.s. SSL is already implemented, I just need to add http basic auth.

Was it helpful?

Solution

For anyone else that may of come across the same problem here is the answer that i stumbled on eventually.

final HttpContext httpContext = jettyServer.createContext("/service");
com.sun.net.httpserver.BasicAuthenticator a = new com.sun.net.httpserver.BasicAuthenticator("") {
                public boolean checkCredentials (String username, String pw) 
                {
                    return username.equals("username") && pw.equals("password");
                }
            };
httpContext.setAuthenticator(a);
endpoint.publish(httpContext);//access by path

You can expand the checkCredentials for something a bit more sophisticated of course, but this shows the basic working method.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top