tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Broadhead <matthew.broadh...@nbmlaw.co.uk.INVALID>
Subject Re: protect endpoint with basic auth
Date Wed, 22 Aug 2018 14:15:03 GMT
Hi Romain,

Thanks.  that was the conclusion was coming to.  I am glad it is a valid 
solution.  I found this example also 
https://gist.github.com/neolitec/8953607.

I guess i will define a filter mapping in web.xml

Matthew

On 22/08/18 16:01, Romain Manni-Bucau wrote:
> Hi Matthew,
>
> tomcat does that because the spec does (even if several people ask to break
> that limitation it is not yet done at servlet spec level)
> that said to secure a rest endpoint you just need a filter in your app and
> implement the security login in there. you can delegate to the container
> (request.login()/request.logout())  or not depending what you want to do.
> MP JWT Auth uses that typically:
> https://github.com/apache/geronimo-jwt-auth/blob/master/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/GeronimoJwtAuthFilter.java
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau>
|
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <https://www.packtpub.com/application-development/java-ee-8-high-performance>
>
>
> Le mer. 22 août 2018 à 15:55, Matthew Broadhead
> <matthew.broadhead@nbmlaw.co.uk.invalid> a écrit :
>
>> my webapp already has a login-config set to keycloak in web.xml so AFAIK
>> i cannot define any other security configs there.  why doesn't tomcat
>> allow multiple security methods?
>> <login-config>
>>       <auth-method>KEYCLOAK</auth-method>
>>       <realm-name>secure</realm-name>
>> </login-config>
>>
>> is there another way to protect a jax-rs endpoint using basic auth
>> without having to create another webapp?  i read something about valves...
>>
>>


Mime
View raw message