Results 1 to 6 of 6

Thread: Apache CXF + Spring Security + Oauth

  1. Jul 15th, 2011, 04:07 AM #1
    abhi12482
    abhi12482 is offline Junior Member
    Join Date
    Jul 2011
    Posts
    5

    Default Apache CXF + Spring Security + Oauth

    We have apache CXF configured RESTful services for our application. Now the requirement is to secure the web services and that too in a manner that WS client doesn't need to send username password in each request. So I decided to go with Oauth two legged and spring security. I have following questions:

    1. is this combination feasible as i didnt find any blog/discussion with such a combination.
    2. google code base : http://code.google.com/p/cxf-spring-security/ has done spring security integration with CXF WS (SOAP) does it also works for REST.
    3. for two legged oauth should i go for oauth 1.0a or oauth 2.0.

    I am trying to find a feasible solution but not sure whether i am going in right direction. Kindly suggest.

    Thanks,
    Abhishek
    Reply With Quote Reply With Quote
  2. Jul 18th, 2011, 04:58 AM #2
    abhi12482
    abhi12482 is offline Junior Member
    Join Date
    Jul 2011
    Posts
    5

    Default CXF supports oauth 1.0

    CXF supports oauth 1.0

    http://cxf.apache.org/docs/cxf-oauth-10.html

    I am trying it out and will update if successful.
    Reply With Quote Reply With Quote
  3. Dec 22nd, 2011, 07:59 AM #3
    shivnarayan
    shivnarayan is offline Member
    Join Date
    Jul 2006
    Posts
    48

    Default Apache CXF + Spring Security + Oauth

    Hi Abhishek,

    How was your experience with Apache CXF + Spring Security + Oauth.

    I am trying this combination to authenticate iPhone users.

    How was your experience.

    Can you please kindly share..

    Regards, Shiv
    Reply With Quote Reply With Quote
  4. Dec 22nd, 2011, 08:03 AM #4
    abhi12482
    abhi12482 is offline Junior Member
    Join Date
    Jul 2011
    Posts
    5

    Default No Success in implementing the same

    I didnt found much help on this and gave up after investing 1 week in the same.
    Reply With Quote Reply With Quote
  5. Dec 22nd, 2011, 09:26 AM #5
    Dave Syer
    Dave Syer is offline Senior Member
    Join Date
    Jun 2005
    Posts
    4,231

    Default

    I think you might have been asking the wrong questions. The purpose of OAuth is not to avoid sending authentication with every request. If your WS clients have a shared secret with the server, and they don't act on any one else's behalf then basic auth should be fine. Both vanilla shared secrets over HTTP basic and OAuth can be used to secure a web service using Spring Security (CXF or whatever), but which you would use depends on your requirements.
    Reply With Quote Reply With Quote
  6. Dec 22nd, 2011, 10:34 AM #6
    abhi12482
    abhi12482 is offline Junior Member
    Join Date
    Jul 2011
    Posts
    5

    Default

    Hi Dave,

    Thanks for the clarification. What i was targeting to achieve was have an Oauth server above my webservice server.

    So that client will provide the username password once and oauth server will generate some shared secret which will be implicitly passed from client in further calls.

    And as used by other oauth systems this key will have some expiry time and other features provided by oauth.

    Thanks,
    Abhishek
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules