JSR 196 and SAM questions

Michael Staszewski
Greenhorn

Joined: Oct 10, 2011
Posts: 16
I apologize for the terrible subject. I was unable to put into few words what I want to ask. If you are reading this, thank you!

I'm exploring authentication mechanisms for my JAX-RS web service application. I first looked at basic. It's easy to implement, works well, and makes sense to me. I have a table in my repository (Oracle db) for users and am able to find user data in other tables in the repository through normal querying and FK relationships, etc.

I've recently been looking into other mechanisms and a Server Authentication Module (SAM) looks promising. It appears as though I'd be able to have an initial rollout supporting basic authentication with this and later expand it for OpenID or some other authentication process.

First, my company has a system in place that I can use to authenticate users. Let's assume that I set up a SAM to validate users against it and later want to support OpenID. Can I set up my container to go through a list of SAMs until one succeeds or all fail? Or, is there a way for me to customize my web service app or web.xml to use one module over another if a particular HTTP header is present? Am I thinking of this all wrong?

Second, what is a best (or good) practice for linking a user authenticated by a SAM to data in a repository? Suppose I have a table named DOCUMENTS and that table contains a column for document_data and another for user_id. A user uses my application to retrieve all of his/her documents. The user's credentials are validated using my SAM and they can then access the document service. The document service would like to query the DOCUMENTS table for all documents where user_id = <some_value>. What would typically be used there for <some_value>? In basic authentication this is all easy as I have a USERS table with usernames, passwords, IDs, etc. and the information is all in one location, but using a third party authentication module seems to separate two tightly coupled pieces of the repository. Does the SAM have some ability to return a unique ID for the user? Can my application interact with the SAM? My application is JAX-RS and all communication with it will be through the REST API.

Hopefully I have made myself clear. Any help is appreciated.

Thanks,
Michael
 