
REST Web service authentication

 
vijay jacob
Ranch Hand
Posts: 57

Basically, if I have a REST service and I want to avoid unauthorized access, how do I go about it?

In a normal web application, we would be storing it in the session object; we would have some status stored (LoggedIn, something like that) when it passes the authentication.

How do we do it?

I read somewhere about authentication header stuff, but it is not clear to me.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
Are your clients going to be using web browsers or custom client programs?

Bill
 
Kesava Krishna
Ranch Hand
Posts: 44
Hi Vijay,

Try this for REST service authentication, but this uses the Spring Security module: http://www.javacodegeeks.com/2012/12/authentication-against-a-restful-service-with-spring-security.html

Thanks,
Kesava.
 
vijay jacob
Ranch Hand
Posts: 57
Hi Keshav,

Without Spring Security; we have our own auth module.

The only thing is: how do I pass my authentication details on every request once authenticated?

Bill,

It is a web browser.
 
E Armitage
Rancher
Posts: 989
Depends on how you did the security. Did you use Basic over SSL? For Basic you just pass the base64 values in a header. Is your architecture purely stateless (it's strongly encouraged with REST)?

P.S. Custom security modules are always suspect.
 
Kesava Krishna
Ranch Hand
Posts: 44
Please try using Jersey's ContainerRequestFilters interface. Write a class implementing this interface. Override the method public ContainerRequest filter(ContainerRequest request).
ContainerRequest will provide you with all the references to get the Authorization header of the client request, which contains the request credentials. Use your custom auth module from here.
Add the above filter to your servlet definition in web.xml.

This will definitely help you to achieve your functionality.

Let me know if you need a sample code snippet for this.

Thanks,
Kesava.
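
The filter approach from the post above, combined with the Basic-over-SSL scheme mentioned earlier in the thread, as an added example (not code from any poster in this thread). It assumes Jersey 1.x on the classpath and Java 8 or later; the class name BasicAuthFilter, the realm "api" and the verify() hook standing in for the custom auth module are hypothetical.

```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Register in web.xml through the Jersey servlet init-param
// com.sun.jersey.spi.container.ContainerRequestFilters (value: this class name).
public class BasicAuthFilter implements ContainerRequestFilter {

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        // Basic credentials are only base64-encoded, so refuse them over plain HTTP.
        // Behind a TLS-terminating proxy isSecure() may be false; adapt this check there.
        if (!request.isSecure()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        String[] creds = parseBasic(request.getHeaderValue("Authorization"));
        if (creds == null || !verify(creds[0], creds[1])) {
            // 401 plus a challenge; the browser re-sends credentials on every request,
            // so no server-side session is needed.
            throw new WebApplicationException(
                Response.status(Response.Status.UNAUTHORIZED)
                        .header("WWW-Authenticate", "Basic realm=\"api\"")
                        .build());
        }
        return request; // authenticated: let the resource method run
    }

    /** Returns {user, password}, or null if the header is absent or malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':'); // split on the first ':' only
            if (colon <= 0) return null;      // empty user or no separator
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    /** Hypothetical hook for the custom auth module. Denies by default (fail closed). */
    protected boolean verify(String user, String password) {
        return false; // replace with a call into your own module
    }
}
```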
 