Dropwizard-Basic Authentication Scheme
1,083 views
Skip to first unread message
Julian
Jul 3, 2013, 1:54:22 PM7/3/13
to dropwiz...@googlegroups.com
Hi:
I am looking at Dropwizard for my project. I have an authentication scheme that requires the domain name of the web client to resolve what user database to access in the backend for authentication.
This is intended to support multi-tenancy.
It will work via Basic over SSL and the authentication will allow access to a web application interface as well as the underlying rest web services that may be invoked via javascript on the same domain.
As I understand it, I need only write an Authenticator class to resolve whether the given credentials have permission. How do I go about accessing the server request from within the Authenticator class so I can access the domain name of the calling client and use that for credential resolution?
To summarize: I need access to the equivalent of HttpServletRequest that might be available to me in the Authenticator, granted that it's not a servlet. I just need to have a mechanism to grab the domain name of the request from the underlying Jetty server itself.
Thank you!
Jeremy Levy
Jul 3, 2013, 1:58:14 PM7/3/13
to dropwiz...@googlegroups.com
Julian-
You could write your own BasicAuthProvider in which you would then have access to the HttpContext.
Take a look at:
Jeremy
--
You received this message because you are subscribed to the Google Groups "dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-us...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
_______________________________________________
Jeremy Levy | Chief Technology Officer
MeetMoi
520 Broadway, 10th Floor
New York, NY 10012
http://www.meetmoi.com
http://www.twitter.com/meetmoi
http://www.facebook.com/meetmoi
Julian
Jul 3, 2013, 2:03:22 PM7/3/13
to dropwiz...@googlegroups.com
Sweet thanks dude
Julian
Jul 4, 2013, 6:39:36 PM7/4/13
to dropwiz...@googlegroups.com
Thank you for your response. I implemented everything and it is working great.
I just have one question - I would like to protect not only Resources but assets under my AssetsBundle. What mechanism can I use to essentially force Dropwizard to authenticate everything under a certain mounting point. For example, if I mount the assets bundle under /ux/ and I want to protect the entire /ux/ tree requiring basic authentication, but not other trees unless explicitly requested.
I just have one question - I would like to protect not only Resources but assets under my AssetsBundle. What mechanism can I use to essentially force Dropwizard to authenticate everything under a certain mounting point. For example, if I mount the assets bundle under /ux/ and I want to protect the entire /ux/ tree requiring basic authentication, but not other trees unless explicitly requested.
Thanks!
Jeremy Levy
Jul 5, 2013, 1:08:24 PM7/5/13
to dropwiz...@googlegroups.com
I haven't done anything like that before- however I suspect given that the assets folder is being served via Jetty a servlet filter would probably do the trick.
Jeremy
Matt
Jul 16, 2013, 1:05:16 AM7/16/13
to dropwiz...@googlegroups.com
Hi Julian (or anyone),
Just wondering if you came up with a solution. I'm also trying to protect assets under my AssetsBundle for a path (i.e. /admin/*) using basic authentication.
cheers,
Matt
Message has been deleted
Terje Andersen
Mar 1, 2016, 8:15:53 AM3/1/16
to dropwizard-user
Hi everybody.
Whilst i realize that this post is pretty ancient now. Is there anyone that has recipe on protecting assets served with AssetsBundle yet? I am facing this issue now.
Cheers,
- Terje
Reply all
Reply to author
Forward
0 new messages