
How to Login a User into my RESTFul Webservice for use with javax.ws.rs.core.SecurityContext

I am currently stuck at implementing security into my RESTFul Webservice. I have found out that there is a SecurityContext which is easy to use and then again got stuck at putting my user information into it.

@GET
@Path("item/{item_id}")
@Produces(MediaType.APPLICATION_JSON)
public Item getItem(@Context SecurityContext sc, @PathParam("item_id") Long id)
{

    if(!sc.isSecure())
        throw new SecurityException("You have to use a secure connection!");
    if(!sc.isUserInRole("admin"))
    {
        throw new SecurityException("You have to be an admin to access this information");
    }
    return itemFacade.find(id);
}

So my problem is that I need to write a Login for my Webservice but I don't know how to do so (so I can use it with the SecurityContext object). If there is no possibility to use the SecurityContext Object I would appreciate it if you could get me some links so I could work through them. Also it has to be up-to-date technology, meaning if it is possible without modifying the web.xml file and only managing this with Annotations, this would probably be the best approach.

I am working with NetBeans 7.3, JavaEE6 and use GlassFish as Application Server.

For Authentication and authorization, you should consider using JAAS. The JAAS API consists of a set of Java packages designed for user authentication and authorization. It implements a Java version of the standard Pluggable Authentication Module (PAM) framework and compatibly extends the Java 2 Platform's access control architecture to support user-based authorization. JAAS was first released as an extension package for JDK 1.3 and is bundled with JDK 1.4+. Because the JBossSX framework uses only the authentication capabilities of JAAS to implement the declarative role-based J2EE security model, this introduction focuses on only that topic.

JAAS authentication is performed in a pluggable fashion. This permits Java applications to remain independent from underlying authentication technologies and allows the JBossSX security manager to work in different security infrastructures. Integration with a security infrastructure can be achieved without changing the JBossSX security manager implementation. All that needs to change is the configuration of the authentication stack that JAAS uses.

Here are the tutorials for your further help:

http://www.kopz.org/public/documents/tomcat/jaasintomcat.html

http://www.javacodegeeks.com/2012/06/java-jaas-form-based-authentication.html

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
