As the tittle. I'm using Ivy version 6.2 and would like to know how to secure my REST Services using Bearer Authorization instead of basic. Thanks

asked 21.06.2018 at 07:31

thminh's gravatar image

accept rate: 0%

You are free to use any authentication method on modern Axon.ivy platforms.

If you need a non standard authorization approach just implement a custom tomcat valve for authentication and authorization:

Implementation details can be found here: or here

... so far about modern Platforms. But I'm not sure whether this works on the very outdated 6.2 leading edge version. So I suggest that you basically ensure that it works on 7.0 LTS. And may give it a try afterwards in the old 6.2... Keep in mind: it was never the idea that outdated leading edge versions are used productive for a long time. Update as fast as you can if you want to operate a secure engine with well documented supported featureset.


answered 22.06.2018 at 02:25

Reguel%20Wermelinger's gravatar image

Reguel Werme... ♦♦
accept rate: 70%

Thanks for your instructions. I created a custom valve in Ivy 7.1 to validate the bearer token. Inside the method, I get the Authorization token in the header and check if it is valid or not, if not, could I stop the request and throw an unauthorized exception back to the client?

public void invoke(Request request, Response response) throws IOException, ServletException {

    String token = request.getHeader("Authorization");

        getNext().invoke(request, response);
        String userName = extractUserNameFromToken(token);
        getNext().invoke(request, response);
    } else {
        // How to reject the request and throw unauthorized exception back to the client? 



answered 28.06.2018 at 02:55

thminh's gravatar image

accept rate: 0%

edited 28.06.2018 at 02:57


in case there is no login information: response.sendError(HttpServletResponse.SC_UNAUTHORIZED); or in case of an invalid token: response.sendError(HttpServletResponse.SC_FORBIDDEN);

..this will just end with the correct HTTP status code. most clients will know how to deal with it.

(28.06.2018 at 06:29) Reguel Werme... ♦♦ Reguel%20Wermelinger's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 21.06.2018 at 07:31

Seen: 2,949 times

Last updated: 02.07.2018 at 02:50