1

I am writing a Restful webservice method,which require authorization first... such as a findItems method..which need username and password in Http Authorization the sample code:

@GET
@Produce(MediaType.APPLICATION_JSON)
public String findItems(){

...
}

how to verify the http authorization before the method excutes...

user996505
  • 1,209
  • 3
  • 15
  • 17
  • I'm afraid not, there are differences between JAX-RS and JAX-RS...My question is about JAX-RS. – user996505 Dec 05 '11 at 13:00
  • Is there a simple way that just to get Http Authorization(basic or digest) ? – user996505 Dec 05 '11 at 14:03
  • I can't understand your last question, can you elaborate? – perissf Dec 05 '11 at 14:09
  • HTTP 1.1 contains AUTHORIZATION ,right?..so can i access the authorization info in the header of this url,and verify the info? – user996505 Dec 05 '11 at 14:18
  • The way I suggested in my answer is the standard way of implementing security on RESTful web services in Java EE 6. Obviously you can implement it in other ways, but I can't help on that – perissf Dec 05 '11 at 14:45

2 Answers2

0

I use a user-type and role-type control with a basic JAAS authentication. After authentication, the client makes http GET requests to the REST web service. In my Facade get method, I inject the @Context SecurityContext as input parameter, and use if for user / role identification in order to provide the correct answer to the GET request, depending on the user's role.

See here for an example of what I mean: Using JaaS with Jersey on Grizzly

Community
  • 1
  • 1
perissf
  • 15,979
  • 14
  • 80
  • 117
0

you can use Filters so you can check the authorization

confucius
  • 13,127
  • 10
  • 47
  • 66