0


How can I achieve user auth on Jersey 1.18 under Tomcat6? Tomcat6 use Realms (cannot be used for now) or Servlets (with dispatcher logic if user can call URI or not). Jersey has ServletContainer with filters, but I can't find any for this goal.
What I need is:

  1. Retrieve user name (httpReq.getRemoteUser())
  2. Load user role from DB
  3. Check access for URI by user role and throw 401

With which Class/Jersey.Filter/Jersey.Servlet can be step 3 processed?
I am really sorry, Realms are very handfull, but this server has own Realm modul and for security reasons it cannot be reimplemented. I am worry about using Http Servlets because of Jersey Servlet Container existence.
Thanks for your advices ;-)

zegee29
  • 934
  • 7
  • 8
  • Hi! I would do an authenticationFilter, you have quite a few answers you can look at, e.g. [this one](http://stackoverflow.com/questions/23231511/jersey-2-how-to-create-custom-http-param-binding/23383460#23383460). However, I took a quick look to the documentation of Jersey 1.18 and it's really old! I don't think you can do it the same way in Jersey 1.18. I guess the only way is to add a filter at the tomcat level, if authentication is ok you pass the request to Jersey, if not you return error code. Hope it helps. – lrnzcig Feb 25 '15 at 19:20
  • Ok, thanks for advise. I accept it as answer, because I (already) know that Tomcat.Filter solution exists, but still hoped for Jersey 1.18 solution. Thanks for that, because "there is no solution" is solution :-) – zegee29 Mar 02 '15 at 09:23

1 Answers1

0

By: lrnzcig Feb 25 at 19:20
Hi! I would do an authenticationFilter, you have quite a few answers you can look at, e.g. this one. However, I took a quick look to the documentation of Jersey 1.18 and it's really old! I don't think you can do it the same way in Jersey 1.18. I guess the only way is to add a filter at the tomcat level, if authentication is ok you pass the request to Jersey, if not you return error code. Hope it helps.

zegee29
  • 934
  • 7
  • 8