JSR 196 and SAM questions
Michael Staszewski
Greenhorn
Posts: 16
posted 5 years ago
I apologize for the terrible subject. I was unable to put into few words what I want to ask. If you are reading this, thank you!
I'm exploring authentication mechanisms for my JAX-RS web service application. I first looked at basic. It's easy to implement, works well, and makes sense to me. I have a table in my repository (Oracle db) for users and am able to find user data in other tables in the repository through normal querying and FK relationships, etc.
I've recently been looking into other mechanisms and a Server Authentication Module (SAM) looks promising. It appears as though I'd be able to have an initial rollout supporting basic authentication with this and later expand it for OpenID or some other authentication process.
First, my company has a system in place that I can use to authenticate users. Let's assume that I setup a SAM to validate users against it and later want to support OpenID. Can I setup my container to go through a list of SAMs until one succeeds or all fail? Or, is there a way for me to customize my web service app or web.xml to use one module over another if a particular HTTP header is present? Am I thinking of this all wrong?
Second, what is a best (or good) practice for linking a user authenticated by a SAM to data in a repository? Suppose I have a table named DOCUMENTS and that table contains a column for document_data and another for user_id. A user uses my application to retrieve all of his/her documents. The user's credentials are validated using my SAM and they can then access the document service. The document service would like to query the DOCUMENTS table for all documents where user_id = <some_value>. What would typically be used there for <some_value>? In basic authentication this is all easy as I have a USERS table with usernames, passwords, IDs, etc. and the information is all in one location, but using a third party authentication module seems to separate two tightly coupled pieces of the repository. Does the SAM have some ability to return a unique ID for the user? Can my application interact with the SAM? My application is JAX-RS and all communication with it will be through the REST API.
Hopefully I have made myself clear. Any help is appreciated.
Thanks,
Michael
I'm exploring authentication mechanisms for my JAX-RS web service application. I first looked at basic. It's easy to implement, works well, and makes sense to me. I have a table in my repository (Oracle db) for users and am able to find user data in other tables in the repository through normal querying and FK relationships, etc.
I've recently been looking into other mechanisms and a Server Authentication Module (SAM) looks promising. It appears as though I'd be able to have an initial rollout supporting basic authentication with this and later expand it for OpenID or some other authentication process.
First, my company has a system in place that I can use to authenticate users. Let's assume that I setup a SAM to validate users against it and later want to support OpenID. Can I setup my container to go through a list of SAMs until one succeeds or all fail? Or, is there a way for me to customize my web service app or web.xml to use one module over another if a particular HTTP header is present? Am I thinking of this all wrong?
Second, what is a best (or good) practice for linking a user authenticated by a SAM to data in a repository? Suppose I have a table named DOCUMENTS and that table contains a column for document_data and another for user_id. A user uses my application to retrieve all of his/her documents. The user's credentials are validated using my SAM and they can then access the document service. The document service would like to query the DOCUMENTS table for all documents where user_id = <some_value>. What would typically be used there for <some_value>? In basic authentication this is all easy as I have a USERS table with usernames, passwords, IDs, etc. and the information is all in one location, but using a third party authentication module seems to separate two tightly coupled pieces of the repository. Does the SAM have some ability to return a unique ID for the user? Can my application interact with the SAM? My application is JAX-RS and all communication with it will be through the REST API.
Hopefully I have made myself clear. Any help is appreciated.
Thanks,
Michael
| Consider Paul's rocket mass heater. |