tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: protect endpoint with basic auth
Date Wed, 22 Aug 2018 14:26:06 GMT
Yes works, or even @WebFilter(urlPatterns="/*",asyncSupported=true)

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mer. 22 août 2018 à 16:15, Matthew Broadhead
<matthew.broadhead@nbmlaw.co.uk.invalid> a écrit :

> Hi Romain,
>
> Thanks.  that was the conclusion was coming to.  I am glad it is a valid
> solution.  I found this example also
> https://gist.github.com/neolitec/8953607.
>
> I guess i will define a filter mapping in web.xml
>
> Matthew
>
> On 22/08/18 16:01, Romain Manni-Bucau wrote:
> > Hi Matthew,
> >
> > tomcat does that because the spec does (even if several people ask to
> break
> > that limitation it is not yet done at servlet spec level)
> > that said to secure a rest endpoint you just need a filter in your app
> and
> > implement the security login in there. you can delegate to the container
> > (request.login()/request.logout())  or not depending what you want to do.
> > MP JWT Auth uses that typically:
> >
> https://github.com/apache/geronimo-jwt-auth/blob/master/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/servlet/GeronimoJwtAuthFilter.java
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > <https://rmannibucau.metawerx.net/> | Old Blog
> > <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> > <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
> >
> >
> > Le mer. 22 août 2018 à 15:55, Matthew Broadhead
> > <matthew.broadhead@nbmlaw.co.uk.invalid> a écrit :
> >
> >> my webapp already has a login-config set to keycloak in web.xml so AFAIK
> >> i cannot define any other security configs there.  why doesn't tomcat
> >> allow multiple security methods?
> >> <login-config>
> >>       <auth-method>KEYCLOAK</auth-method>
> >>       <realm-name>secure</realm-name>
> >> </login-config>
> >>
> >> is there another way to protect a jax-rs endpoint using basic auth
> >> without having to create another webapp?  i read something about
> valves...
> >>
> >>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message