How to protect apache cxf webservice (jax-ws) using oAuth 2.0

Question

How to protect apache cxf webservice (jax-ws) using oAuth 2.0

I deployed webservice to Tomcat using Apache CXF. How can I continue to protect this web service with OAuth 2.0?

I looked at the URL below, but could not find a suitable solution. A working example or tutorials on how to implement OAuth 2.0for a simple web service?

Original link for the tutorial:

JAX-RS: OAuth2

+5

web services apache oauth-2.0 cxf

user739115 Sep 05 '12 at 12:46

source share

2 answers

blo0p3r · Answer 1 · 2013-12-11T13:01:09+0000

I recently ran into the same problem. After a decent amount of research, I discovered (and this may be limited only by me) that it is rather complicated.

You can connect the required “authorization header” to the webservice SOAP call as follows:

Map<String, Object> req_ctx = ((BindingProvider)port).getRequestContext();
req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL);

Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("key", Collections.singletonList("yourkey"));
//... all other parameters required.
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);

:

MessageContext mctx = wsctx.getMessageContext();

//get detail from request headers
    Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
    List userList = (List) http_headers.get("key");
//... get other information required here

.

, oAuth2 API - .

oAuth 1 . , , , .

oAuth 2 HTTPS. API? , oAuth 2 ( ). , ( IMO) . API, SSL .

. :

Sergey Beryozkin · Answer 2 · 2014-04-11T14:19:38+0000

: https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth2#JAX-RSOAuth2-OAuth2tokensandSOAPendpoints

-, , , WS-Security

How to protect apache cxf webservice (jax-ws) using oAuth 2.0

. :

More articles: