• Register
First time here? Checkout the FAQ!
x
Welcome to Find4Answers.com

Where you can Ask Questions, Find Answers Or Receive Answers from other members of the community And Share in Social networking sites like facebook, linkedin, twitter.
3cx phone system assignment writing service bandar bola best waikiki restaurants boiler business car car insurance quotes car insurance quotes car insurance quotes car lease deals car leasing uk chwilówka przez internet zapewne company convey convey law complaints convey law reviews convey law service conveylaw cosmetic dentist csr classics hack csr classics hack csr classics hack data data recovery maidenhead deals design development double glazing leeds electrician electrician manchester electricians emergency farm filmy bez limitu filmy online finlock finlock solutions general genral golf holidays spain graduate jobs in london graduate jobs london heap how to jump higher how to jump higher how to jump higher infrared sauna infrared sauna saunas inline skating java judi bola law law firm in leeds lease leasing led lights led bulbs leeds legal smoke life insurance quotes log london manchester mercedes lease deals mercedes leasing mezzanine movies museums and art nikogo szybka chwilówka none none none ny male revue outsource link building paid search agency performance car hire personal personal injury lawyer porcelain veneers ramię szybkie chwilówki recovery restaurant seo seo agencies seo company seo company london seo las vegas seo services services sky diamond seo solutions steel synchronization szybka chwilówka przykład szybka chwilówka żaden szybkie chwilówki lekko temp cover car insurance temp cover car insurance temp cover car insurance thread tymczasem chwilówki przez internet upvc windows manchester viagra kamagra videos vinyl flooring suppliers wait web development company window repairs london windows zobaczyć szybka chwilówka

User authentication on a Jersey REST service

0 votes

I am currently developing a REST application, which is using the Jersey framework. I would like to know a way that I can control user authentication. I have search a lot of places, and the closest article I have found is this: http://weblogs.java.net/blog/2008/03/07/authentication-jersey.

However this article can only be used whith a GlassFish server and a attached database. Is there anyway that I can implement an interface in Jersey and use it as a filter before reaching the requested REST resource?

I want to use basic authentication right now, but it should be flexible enough such that I can change that at a later time.

Thanks in Advance Stefan.

asked Jan 6, 2012 in Java/J2EE by anonymous
    

5 Answers

0 votes

I'm sucessfully using spring security for securing my Jersey-based API. It has pluggable authentication schemes allowing you to switch from Basic Auth to something else later. I'm not using Spring in general, just the security stuff.

Here is the relevant part from my web.xml

<listener> 
    <listener-class> 
        org.springframework.web.context.ContextLoaderListener 
    </listener-class> 
</listener> 
 
<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
        /WEB-INF/security-applicationContext.xml, 
        /WEB-INF/applicationContext.xml 
    </param-value> 
</context-param> 
 
<!-- Enables Spring Security --> 
 
<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class> 
        org.springframework.web.filter.DelegatingFilterProxy 
    </filter-class> 
    <init-param> 
        <param-name>targetBeanName</param-name> 
        <param-value>springSecurityFilterChain</param-value> 
    </init-param> 
</filter> 
 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
 
</filter-mapping> 


	

You can leave applicationContext.xml empty (<beans></beans>). An example of the security-applicationContext.xml can be found here

answered Jan 6, 2012 by anonymous
0 votes

I'm working on something similar to this. In my implementation, we have Apache httpd front-ended to handle HTTP Basic authentication and it simply forwards all requests with some header information containing the user and roles.

From that, I'm working on parsing these pieces out using a servlet filter to wrap the HttpServletRequest using a post I found on CodeRanch. This allows me to use the javax.annotation.security annotations like @RolesAllowed on each resource I want to filter. To get all of these pieces working, however, I had to add the following to my servlet in the web.xml:

<servlet> 
  <!-- some other settings and such  
  ... --> 
  <init-param> 
    <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name> 
    <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value> 
  </init-param> 
  ... 
</servlet> 

answered Jan 6, 2012 by anonymous
0 votes
Hello! kgbgbed interesting kgbgbed site! I'm really like it! Very, very kgbgbed good!
answered Dec 7, 2012 by anonymous
0 votes
Very nice site!
answered Dec 7, 2012 by anonymous
edited Dec 7, 2012 by admin
0 votes
Very nice site!
answered Dec 7, 2012 by anonymous
edited Dec 7, 2012 by admin
...