Developers, Developers, Developers! Maksim Sorokin IT Blog


Maven + Apache Felix + CXF: Securing a Service with HTTP Basic Authentication

This is another post in series Maven + Apache Felix + CXF + DOSGi Series. Here I will describe how to secure CXF published web services with HTTP basic authentication. You can find the sources on my GitHub account.

We will have three projects here. The first one defines an interface for a service. Another one provides implementation for it. And the third one will provide security.


dosgiSecurity will be just a holder project.

Our interface HelloService in bundle dosgiSecurity-api will be similar to the one we defined in


Nginx Basic Authentication on Windows

Nginx supports only plain passwords file without any encryption on Windows! Totaly crazy! That means, intead of:


One has to have plain password:


Basic Authentication in GlassFish 3

Here is asmall basic authentication how-to for a web application in GlassFish 3.

Open GlassFish Administrative Console. Go to


Enable Directory Listings in GlassFish

There is a default-web.xml file in GlassFish which configure some stuff behind the scenes. This file can be found in domains->domain->config folder.

By default, in GlassFish v3 directory listing is disabled. But one can easily enable it by modifying default-web.xml file:


Or if there is no possibility to modify the default-web.xml directly,


A New Book About GlassFish Security

GlassFish Security Cover

I was granted a book from Packt about GlassFish Security. And that is something we want to improve in our products!

The book is about security in Java EE with EJB, Application Client modules and all the friends. Security in GlassFish is a central point of this book. And what is more, there are plenty of real world code and configuration samples. More information about the book can be found on dedicated page on Packt website.