
I would like to implement simple authentication with RESTEasy and JAX-RS so that only users with the correct username and password can access the service. My web app code is something like this:

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;

@GET
@Path("/{param}")
public Response printMessage(@PathParam("param") String msg, @Context HttpHeaders headers) {
    String result = null;
    // getRequestHeader(...) returns null when the header is absent, so a request
    // without these custom headers fails here with a NullPointerException
    String username = headers.getRequestHeader("username").get(0);
    String password = headers.getRequestHeader("password").get(0);
    if (username.equals("hello2017") && password.equals("bye")) {
        // hashString2 is a helper defined elsewhere in the class (not shown here)
        result = "Restful example : " + msg
                + " from " + headers.getRequestHeader("user-agent").get(0)
                + " " + username
                + " " + password
                + " " + hashString2(password);
        return Response.status(200).entity(result).build();
    } else {
        result = "Not Authorized";
        return Response.status(404).entity(result).build();
    }
}

My web.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <display-name>Location Service</display-name>

    <context-param>
        <param-name>resteasy.resources</param-name>
        <param-value>de.locationservice.LocationService</param-value>
    </context-param>

    <listener>
        <listener-class>
            org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
        </listener-class>
    </listener>
    <servlet>
        <servlet-name>resteasy-servlet</servlet-name>
        <servlet-class>
            org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
        </servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>resteasy-servlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

</web-app>

But I don't think that this is the proper way to do it, as I only implement a simple authentication with it. I am trying to follow this, but I still don't understand it as I am new to this topic.

Ihsan Haikal
  • It is incorrect in Java to compare strings with '=='; use the equals method instead. – Vlad Bochenin Jul 10 '18 at 15:51
  • Possible duplicate of [How do I compare strings in Java?](https://stackoverflow.com/questions/513832/how-do-i-compare-strings-in-java) – rkosegi Jul 10 '18 at 15:51
  • Besides the fact that you are incorrectly comparing strings, why are you trying to implement your own security mechanism? What's wrong with e.g. Basic? Did you read the official docs on [securing RESTEasy](https://docs.jboss.org/resteasy/docs/2.2.0.GA/userguide/html/Securing_JAX-RS_and_RESTeasy.html)? – rkosegi Jul 10 '18 at 15:53
  • And of course `404` is the status code for `resource not found`. You need to use `401` for `unauthorized`. – rkosegi Jul 10 '18 at 16:05
  • @VladBochenin that's true, I forgot about that. Thanks! – Ihsan Haikal Jul 10 '18 at 16:08
  • @rkosegi I just learned about JAX-RS and RESTEasy, so I don't know how to properly secure RESTEasy. But from what I read I need to somehow give a role, but how do I assign a role for the successful authentication? Does it need a database for that? – Ihsan Haikal Jul 10 '18 at 16:18
  • @rkosegi I have updated the question to be more appropriate to the topic. – Ihsan Haikal Jul 10 '18 at 16:59
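The comments point at two concrete problems with the posted approach: the check lives inside one resource method (so every other method is unprotected), and a failed login returns 404 instead of 401. The usual JAX-RS way to fix both is a `ContainerRequestFilter` that runs before any resource method, reads the standard `Authorization: Basic ...` header instead of custom `username`/`password` headers, compares credentials in constant time, and aborts with 401 plus a `WWW-Authenticate` challenge. The following is an added example written for this page, not code from the question or from RESTEasy; the class name `BasicAuthFilter` and the hard-coded demo credentials are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

/**
 * Added example: a JAX-RS filter that checks HTTP Basic credentials on every
 * request before any resource method runs. Class name and demo credentials
 * are assumptions made for this example.
 */
@Provider
@Priority(Priorities.AUTHENTICATION)
public class BasicAuthFilter implements ContainerRequestFilter {

    // Demo credentials only (constructed for this example). A real deployment
    // looks up a salted password hash in a user store instead of a literal.
    private static final byte[] EXPECTED_USER = "hello2017".getBytes(StandardCharsets.UTF_8);
    private static final byte[] EXPECTED_PASS = "bye".getBytes(StandardCharsets.UTF_8);

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        // Missing header or a scheme other than "Basic": challenge the client.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            ctx.abortWith(unauthorized());
            return;
        }
        String[] creds;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            // "user:password"; split on the first colon only, passwords may contain colons
            creds = new String(raw, StandardCharsets.UTF_8).split(":", 2);
        } catch (IllegalArgumentException badBase64) {
            ctx.abortWith(unauthorized());
            return;
        }
        if (creds.length != 2 || !isValid(creds[0], creds[1])) {
            ctx.abortWith(unauthorized());
        }
        // Otherwise fall through and let the resource method handle the request.
    }

    /** Constant-time comparison of both fields so timing does not leak which one was wrong. */
    static boolean isValid(String user, String pass) {
        boolean userOk = MessageDigest.isEqual(user.getBytes(StandardCharsets.UTF_8), EXPECTED_USER);
        boolean passOk = MessageDigest.isEqual(pass.getBytes(StandardCharsets.UTF_8), EXPECTED_PASS);
        return userOk & passOk; // non-short-circuit so both comparisons always run
    }

    /** 401 with the challenge header the comments ask for, instead of the original 404. */
    private static Response unauthorized() {
        return Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Location Service\"")
                .entity("Not Authorized")
                .build();
    }
}
```

To activate the filter with the `web.xml` shown in the question, register it the same way the resource is registered, through a `resteasy.providers` context parameter whose value is the fully qualified class name (here the assumed `de.locationservice.BasicAuthFilter`). Two caveats a reviewer would raise: Basic credentials are only base64-encoded, so the service must be served over TLS, and a filter like this is still application-managed security. The container-managed alternative from the RESTEasy docs linked in the comments (`<security-constraint>` and `<login-config>` in `web.xml`, plus `@RolesAllowed` on resource methods) answers the role question too: roles are assigned by the servlet container's realm configuration, which can be a simple users file rather than a database.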

0 Answers