0

Well I am new to Java web services and I need to develop a quick application with some basic security. I am developing some REST services with JAVA, let say: http://www.example.com/customer (is the URL for CRUD with POST, GET, PUT, DELETE), http://www.example.com/product (is the URL for CRUD with POST, GET, PUT, DELETE), now I want admin users to perform all CRUD operations over products. Also I want customers to perform only GET on products, and I want to give them the possibility to register in DB. i.e. the customer can register and than can see products and can buy. The problem is that when I try to implement security I need to manually add a customer (a user) from glassfish admin console. How can I implement such functionality:

1) An non authenticated user try to see products through ../product

2) The application return a 401 request.

3) The user register as a customer to application (let say through POST ../customer)

4) The user try to see products again (as an authenticated customer) and the application return the products.

5) The user try to create products and it receives a 401 error code.

Thank you in advance, Elvis.

Elvis
  • 817
  • 1
  • 7
  • 19

1 Answers1

0

You can either use session management as provided by the container, or implement it yourself. Sessions are required because HTTP (which REST it built on top of) is stateless.

There's a number of Jersey + Jackson tutorials out there which give you pet-store style functionality (if you Google).

User Authentication a Jersey REST service using Spring Security is detailed here: User authentication on a Jersey REST service

Community
  • 1
  • 1
Dan Hardiker
  • 3,013
  • 16
  • 19
  • As I stated in my question I am new to web services so I would appreciate if you point me to some related tutorials. Thank you. – Elvis Jan 08 '12 at 14:50
  • http://stackoverflow.com/questions/2902427/user-authentication-on-a-jersey-rest-service – Dan Hardiker Jan 08 '12 at 14:54