110 lines
No EOL
4.4 KiB
Text
110 lines
No EOL
4.4 KiB
Text
|
|
[[_fuse_adapter_cxf_separate]]
|
|
===== Securing an Apache CXF Endpoint on a Separate Jetty Engine
|
|
|
|
To run your CXF endpoints secured by {project_name} on separate Jetty engines, complete the following steps:
|
|
|
|
. Add `META-INF/spring/beans.xml` to your application, and in it, declare `httpj:engine-factory` with Jetty SecurityHandler with injected `KeycloakJettyAuthenticator`. The configuration for a CFX JAX-wS application might resemble this one:
|
|
+
|
|
[source,xml]
|
|
----
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xmlns:jaxws="http://cxf.apache.org/jaxws"
|
|
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
|
|
xsi:schemaLocation="
|
|
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
|
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
|
|
http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd
|
|
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd">
|
|
|
|
<import resource="classpath:META-INF/cxf/cxf.xml" />
|
|
|
|
<bean id="kcAdapterConfig" class="org.keycloak.representations.adapters.config.AdapterConfig">
|
|
<property name="realm" value="demo"/>
|
|
<property name="resource" value="custom-cxf-endpoint"/>
|
|
<property name="bearerOnly" value="true"/>
|
|
<property name="authServerUrl" value="http://localhost:8080/auth" />
|
|
<property name="sslRequired" value="EXTERNAL"/>
|
|
</bean>
|
|
|
|
<bean id="keycloakAuthenticator" class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
|
<property name="adapterConfig">
|
|
<ref local="kcAdapterConfig" />
|
|
</property>
|
|
</bean>
|
|
|
|
<bean id="constraint" class="org.eclipse.jetty.util.security.Constraint">
|
|
<property name="name" value="Customers"/>
|
|
<property name="roles">
|
|
<list>
|
|
<value>user</value>
|
|
</list>
|
|
</property>
|
|
<property name="authenticate" value="true"/>
|
|
<property name="dataConstraint" value="0"/>
|
|
</bean>
|
|
|
|
<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
|
|
<property name="constraint" ref="constraint"/>
|
|
<property name="pathSpec" value="/*"/>
|
|
</bean>
|
|
|
|
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
|
|
<property name="authenticator" ref="keycloakAuthenticator" />
|
|
<property name="constraintMappings">
|
|
<list>
|
|
<ref local="constraintMapping" />
|
|
</list>
|
|
</property>
|
|
<property name="authMethod" value="BASIC"/>
|
|
<property name="realmName" value="does-not-matter"/>
|
|
</bean>
|
|
|
|
<httpj:engine-factory bus="cxf" id="kc-cxf-endpoint">
|
|
<httpj:engine port="8282">
|
|
<httpj:handlers>
|
|
<ref local="securityHandler" />
|
|
</httpj:handlers>
|
|
<httpj:sessionSupport>true</httpj:sessionSupport>
|
|
</httpj:engine>
|
|
</httpj:engine-factory>
|
|
|
|
<jaxws:endpoint
|
|
implementor="org.keycloak.example.ws.ProductImpl"
|
|
address="http://localhost:8282/ProductServiceCF" depends-on="kc-cxf-endpoint" />
|
|
|
|
</beans>
|
|
----
|
|
+
|
|
For the CXF JAX-RS application, the only difference might be in the configuration of the endpoint dependent on engine-factory:
|
|
+
|
|
[source,xml]
|
|
----
|
|
<jaxrs:server serviceClass="org.keycloak.example.rs.CustomerService" address="http://localhost:8282/rest"
|
|
depends-on="kc-cxf-endpoint">
|
|
<jaxrs:providers>
|
|
<bean class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider" />
|
|
</jaxrs:providers>
|
|
</jaxrs:server>
|
|
----
|
|
|
|
|
|
. The `Import-Package` in `META-INF/MANIFEST.MF` must contain those imports:
|
|
|
|
[source, subs="attributes"]
|
|
----
|
|
META-INF.cxf;version="[2.7,3.2)",
|
|
META-INF.cxf.osgi;version="[2.7,3.2)";resolution:=optional,
|
|
org.apache.cxf.bus;version="[2.7,3.2)",
|
|
org.apache.cxf.bus.spring;version="[2.7,3.2)",
|
|
org.apache.cxf.bus.resource;version="[2.7,3.2)",
|
|
org.apache.cxf.transport.http;version="[2.7,3.2)",
|
|
org.apache.cxf.*;version="[2.7,3.2)",
|
|
org.springframework.beans.factory.config,
|
|
org.eclipse.jetty.security;version="[8,10)",
|
|
org.eclipse.jetty.util.security;version="[8,10)",
|
|
org.keycloak.*;version="{project_versionMvn}"
|
|
---- |