Maven + Apache Felix + CXF: Securing a Service with HTTP Basic Authentication
This is another post in series Maven + Apache Felix + CXF + DOSGi Series. Here I will describe how to secure CXF published web services with HTTP basic authentication. You can find the sources on my GitHub account.
We will have three projects here. The first one defines an interface for a service. Another one provides implementation for it. And the third one will provide security.
dosgiSecurity
dosgiSecurity-api
dosgiSecurity-impl
dosgiSecurity-security
dosgiSecurity will be just a holder project.
Our interface HelloService in bundle dosgiSecurity-api will be similar to the one we defined in
Nginx Basic Authentication on Windows
Nginx supports only plain passwords file without any encryption on Windows! Totaly crazy! That means, intead of:
mah:6hpon1QBxl45M
One has to have plain password:
mah:secret
Basic Authentication in GlassFish 3
Here is asmall basic authentication how-to for a web application in GlassFish 3.
Open GlassFish Administrative Console. Go to
Enable Directory Listings in GlassFish
There is a default-web.xml file in GlassFish which configure some stuff behind the scenes. This file can be found in domains->domain->config folder.
By default, in GlassFish v3 directory listing is disabled. But one can easily enable it by modifying default-web.xml file:
<init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param>
Or if there is no possibility to modify the default-web.xml directly,
A New Book About GlassFish Security
I was granted a book from Packt about GlassFish Security. And that is something we want to improve in our products!
The book is about security in Java EE with EJB, Application Client modules and all the friends. Security in GlassFish is a central point of this book. And what is more, there are plenty of real world code and configuration samples. More information about the book can be found on dedicated page on Packt website.