REST Web service authentication

Bascially if i have a REST service and i wanted to avoid the unauthorized access .how do i go about it.

In a normal web application , we would be storing it in session object we would have some status stored (LoggedIn) something like that when it pass the authentication.

How do we do it.

I read somewhere about authentication header stuff .But it is not clear to me.

Are your clients going to be using web browsers or custom client programs?

Bill

Hi Vijay,

Try this for rest service authentication, but this uses spring security module. http://www.javacodegeeks.com/2012/12/authentication-against-a-restful-service-with-spring-security.html

Thanks,
Kesava.

Hi keshav,

Without spring security , we have our own auth module.

Only thing is that how do i pass my authentication detail once authenticated on every request.

Bill ,

It is web browser.

Depends on how you did the security. Did you use Basic over SSL? For Basic you just pass the base64 values in a header. Is your architecture purely stateless (it's strongly encouraged with REST).

P.S Custom security modules are always suspect.

Please try using Jersey's ContainerRequestFilters interface. Write a class implementing this interface. Override the method public ContainerRequest filter(ContainerRequest request).
ContainerRequest will provide you with all the references to get the Authorization header of the client request, which contains the request credentials. Use your custom auth module from here.
Add the above filter to your servlet definition in web.xml.

This will definitely help you to achieve your functionality.

Let me know if needed sample code snippet for this.

Thanks,
Kesava.