This week's book giveaway is in the JavaScript forum.
We're giving away four copies of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js and have Paul Jensen on-line!
See this thread for details.
Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

AOP with endpoints?  RSS feed

 
Thomas May
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to lock down a webservice using tomcat and Javax restful webservices. Some of the endpoints need to be available to the public, but by default they should require an authenticated user.

What I would like to do is something like this



With the end goal being that the developer has to actively go out and specify which methods don't require authentication (Rather than requiring the developer to actively secure endpoints).

Any thoughts on how to best go about this? I would really like it if somehow I could apply an annotation and then in something like a serverlet filter check for the existence of that annotation to determine what should be done about authentication.

I don't really want the route of "Apply the authentication filter to all resources in this path", though that would accomplish the same task. (What I don't like about that is it requires specific knowledge that all endpoints in path X are secured while endpoints in path Y are not. I would rather say "All endpoints are secured unless specifically excluded").
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!