REST Web service authentication

 
Ranch Hand
Posts: 57

Basically, if I have a REST service and I wanted to avoid unauthorized access, how do I go about it?

In a normal web application, we would be storing it in a session object; we would have some status stored (LoggedIn), something like that, when it passes the authentication.

How do we do it?

I read somewhere about authentication header stuff, but it is not clear to me.
 
Author and all-around good cowpoke
Posts: 13078
Are your clients going to be using web browsers or custom client programs?

Bill
 
Ranch Hand
Posts: 44
Hi Vijay,

Try this for REST service authentication, but this uses the Spring Security module. http://www.javacodegeeks.com/2012/12/authentication-against-a-restful-service-with-spring-security.html

Thanks,
Kesava.
 
vijay jacob
Ranch Hand
Posts: 57
Hi Keshav,

Without Spring Security, we have our own auth module.

The only thing is, how do I pass my authentication detail on every request once authenticated?

Bill,

It is a web browser.
 
Rancher
Posts: 989
Depends on how you did the security. Did you use Basic over SSL? For Basic you just pass the base64 values in a header. Is your architecture purely stateless (it's strongly encouraged with REST)?

P.S. Custom security modules are always suspect.
 
Kesava Krishna
Ranch Hand
Posts: 44
Please try using Jersey's ContainerRequestFilters interface. Write a class implementing this interface. Override the method public ContainerRequest filter(ContainerRequest request).
ContainerRequest will provide you with all the references to get the Authorization header of the client request, which contains the request credentials. Use your custom auth module from here.
Add the above filter to your servlet definition in web.xml.

This will definitely help you to achieve your functionality.

Let me know if you need a sample code snippet for this.

Thanks,
Kesava.
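
The filter described in the post above, combined with the earlier suggestion of Basic over SSL, as an added example that is not part of the original thread or any poster's code. It assumes Jersey 1.x and Java 8; the class name `BasicAuthFilter`, the realm `api` and the `authenticate` hook (a stand-in for the in-house auth module) are hypothetical.

```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Stateless check: every request must carry its own Authorization header,
// so no "LoggedIn" flag is kept in a server-side session.
public class BasicAuthFilter implements ContainerRequestFilter {

    // Hypothetical hook: subclass and delegate to your own auth module.
    // Denies by default so an unwired filter never lets a request through.
    protected boolean authenticate(String user, String password) {
        return false;
    }

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        // Basic credentials are only base64-encoded, not encrypted: refuse
        // plain HTTP, and do not send a challenge that invites a retry.
        if (!request.isSecure()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        String header = request.getHeaderValue(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw unauthorized();
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformedBase64) {
            throw unauthorized();
        }
        // Split on the first ':' only: the password may itself contain ':'.
        int colon = decoded.indexOf(':');
        if (colon < 0 || !authenticate(decoded.substring(0, colon),
                                       decoded.substring(colon + 1))) {
            throw unauthorized();
        }
        return request; // authenticated: let the request reach the resource
    }

    private static WebApplicationException unauthorized() {
        return new WebApplicationException(
                Response.status(Response.Status.UNAUTHORIZED)
                        .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"api\"")
                        .build());
    }
}
```

A subclass that overrides `authenticate` is registered through the Jersey servlet's `com.sun.jersey.spi.container.ContainerRequestFilters` init-param in web.xml. Behind a TLS-terminating proxy `isSecure()` reports the proxy-to-container hop, so the HTTPS check has to be enforced at the proxy instead.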
 