How to Secure a Jax-RS Jersey Restful Web Service?

 
kampo lunanson
Hi,
I am building a web service for an existing API. I want to guarantee authentication and authorization to users of the web service. I googled this and found many options like HTTPS (SSL), Basic+Digest auth, and even OAuth (3-legged or 2-legged).

So I just wonder what is the best solution in the scenario of a client (web app) communicating with my web service.

Thanks.
 
Tim Moores
What are you trying to guard against?
 
kampo lunanson
The service provided shouldn't be accessible by non-authorized clients. It's not a public service.
 
Tim Moores
So it's about authorization, not encryption?
 
kampo lunanson
I should say that my main objectives are to guarantee authentication (provide some credentials to access the service) and authorization (client can only access allowed resources).
I want to adopt the best security strategy to implement it based on Jersey JAX-RS...

Thanks
 
Tim Moores
You could use servlet authentication as set up in the web.xml file. In your REST resource class you can then get the HttpServletRequest object with which you can check whether an authenticated user has a particular role he needs for some specific action.
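
A sketch of the approach described in the reply above, as an added example that is not part of the original thread: the container authenticates callers according to web.xml, and the resource class checks roles through the injected HttpServletRequest. The `/api/*` mapping, the `OrderResource` class and the `api-user` / `api-admin` roles are hypothetical, administrators are assumed to hold `api-user` as well, and the `javax.*` package names assume a Jersey 1.x/2.x deployment.

```java
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

/*
 * Assumed web.xml: the container authenticates (HTTP Basic, TLS required).
 *   <security-constraint>
 *     <web-resource-collection>
 *       <web-resource-name>api</web-resource-name>
 *       <url-pattern>/api/*</url-pattern>
 *     </web-resource-collection>
 *     <auth-constraint><role-name>api-user</role-name></auth-constraint>
 *     <user-data-constraint>
 *       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 *     </user-data-constraint>
 *   </security-constraint>
 *   <login-config><auth-method>BASIC</auth-method></login-config>
 *   <security-role><role-name>api-user</role-name></security-role>
 *   <security-role><role-name>api-admin</role-name></security-role>
 */
@Path("/orders") // hypothetical resource
public class OrderResource {
    @Context private HttpServletRequest request; // injected per request by JAX-RS

    @GET
    @Path("{id}")
    public Response read(@PathParam("id") long id) {
        // Fail closed if the constraint above does not cover this URL.
        if (request.getUserPrincipal() == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        String caller = request.getUserPrincipal().getName();
        return Response.ok("order " + id + " for " + caller).build();
    }

    @DELETE
    @Path("{id}")
    public Response delete(@PathParam("id") long id) {
        // Per-action authorization: only api-admin may delete.
        if (!request.isUserInRole("api-admin")) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.noContent().build();
    }
}
```

The `CONFIDENTIAL` transport guarantee matters here because HTTP Basic sends the credentials in a reversible encoding on every request.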
 