2

I am trying for several hours to make working the mechanism explained in topic: Best practice for REST token-based authentication with JAX-RS and Jersey

But after debugging it seems that I am not stopping in the ContainerRequestFilter... Here is what I have:

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import javax.ws.rs.NameBinding;

@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Secured { }

My AuthenticationFilter is exactly the same as what is explained in the topic (copy past)

I have an endpoint:

  @Path("/")
  @WebService(name="account", targetNamespace="")
  public interface ProfileCXFService
  {
  @GET
  @Secured
  @Path("/displayProfile")
  @Produces({MediaType.APPLICATION_JSON})
  @Consumes({MediaType.APPLICATION_JSON})
  public Response displayProfile(@QueryParam("token")String token, @QueryParam("profileID")String profileID);
  }

And here is the content of my web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>CxfRestService</display-name>
<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/beans.xml</param-value>
</context-param>
<servlet>
    <servlet-name>CXFServlet</servlet-name>
    <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>CXFServlet</servlet-name>
    <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

Here is the request I am sending with postman (For the moment the token is inside the body but even If I put it in the Authentication header param it is not working). The problem is that code of the endpoint is directly executed and nothing the Filter is not called.

GET /BD-BD/rest/account/displayProfile?token=vfE1qPLiiyPx20ymp0C483VxcpCj07HKAB8cTmgXamp;profileID=35 HTTP/1.1
Host: localhost:8080
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 0908ac3d-17ab-55ef-337a-fabfe7fed387

Is there a configuration needed?? Thanks in advance :)

Community
  • 1
  • 1
Geoffrey
  • 1,151
  • 3
  • 13
  • 26

1 Answers1

1

When using Apache CXF, the filters and interceptors must be registered in the cxf.xml configuration file. This file must be in the classpath of your application.

Here's an example extracted from the CXF documentation of what your CXF configuration file can be like when registering a filter:

<beans>
    <jaxrs:server id="customerService" address="/">

        <jaxrs:serviceBeans>
          <bean class="org.CustomerService" />
        </jaxrs:serviceBeans>

        <jaxrs:providers>
          <ref bean="authorizationFilter" />
        </jaxrs:providers>

        <bean id="authorizationFilter" class="com.bar.providers.AuthorizationFilter">
            <!-- authorization bean properties -->
        </bean>

    </jaxrs:server>
</beans>

For more details, check the CXF documentation about configuration.

cassiomolin
  • 124,154
  • 35
  • 280
  • 359