aspose file tools*
The moose likes Web Services and the fly likes How to Secure a Jax-RS Jersey Restful Web Service? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "How to Secure a Jax-RS Jersey Restful Web Service?" Watch "How to Secure a Jax-RS Jersey Restful Web Service?" New topic
Author

How to Secure a Jax-RS Jersey Restful Web Service?

kampo lunanson
Greenhorn

Joined: Sep 29, 2011
Posts: 3
Hi,
I am building a web service for an existing API. i want to guarantee authentication and authorization to users of the web service. I googled this and found many options like HTTPS(SSL), Basic+Digest auth. and even OAuth (3-legged or 2-legged).

So i just wonder what is the best solution in the scenario of a client (web app) communicating with my web service.

Thanks.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
What are you trying to guard against?
kampo lunanson
Greenhorn

Joined: Sep 29, 2011
Posts: 3
The service provided should'nt be accessible by non authorized clients. Its not a public service.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
So it's about authorization, not encryption?
kampo lunanson
Greenhorn

Joined: Sep 29, 2011
Posts: 3
I should say that my main objectives are to guarantee authentication(provide some credentials to access the service) and authorization(client can only access allowed resources).
I want to adopt the best security strategy to implement it based on Jersey JAX-RS ....

Thanks
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
You could use servlet authentication as set up in the web.xml file. In your REST resource class you can then get the HttpServletRequest object with which you can check whether an authenticated user has a particular role he needs for some specific action.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to Secure a Jax-RS Jersey Restful Web Service?