Skip to main content

Authentication

Basic Authentication sample:

<conduit name="{http://example.com/}HelloWorldServicePort.http-conduit" 
   xmlns:sec="http://cxf.apache.org/configuration/security"
   xmlns="http://cxf.apache.org/transports/http/configuration">
   <authorization>
      <sec:UserName>myuser</sec:UserName>
      <sec:Password>mypasswd</sec:Password>
      <sec:AuthorizationType>Basic</sec:AuthorizationType>
   </authorization>
</conduit>

For Digest Authentication, use the same as above but with AuthorizationType value of Digest. (Note the AuthorizationType element can be omitted if you're using Basic authentication, as above.)

Authorization can also be supplied dynamically, by implementing the org.apache.cxf.transport.http.auth.HttpAuthSupplier interface or another interface which extends it. The main method this interface provides is:

public String getAuthorization(AuthorizationPolicy authPolicy, 
   URL currentURL, Message message, String fullHeader);

With this method you'll need to supply the HttpAuthPolicy, the service URL, the CXF message and the full Authorization header (what the server sent in its last response). With the latter value multi-phase authentications can be implemented. For a simple implementation check the org.apache.cxf.transport.http.auth.DefaultBasicAuthSupplier class. On the conduit above, declare your implementation class in an AuthSupplier element for CXF to use it.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!