Apache CXF: How to secure JAX-RS web service with basic authentication
-
19-09-2019 - |
Question
I have a Spring application that publishes some RESTful web services using Apache CXF (using jax-rs). I would like to secure access to those services using HTTP basic authentication. The username and password should be in a Spring configuration file. The main application already uses Spring Security and I would prefer not to mess with that setup.
What is the easiest way to do this? I could write my own ServletFilter but surely there must be a way to configure this?
Solution
The author of HTTP Basic Authentication with Apache CXF Revisited provides the code of a CXF Interceptor that implements HTTP Basic Authentication validation and a sample of how to define the security interceptor and enable it on a simple endpoint.