JAX-RS and custom authorization

前端 未结 2 709
伪装坚强ぢ
伪装坚强ぢ 2021-02-04 18:41

I\'m trying to secure the JAX-RS endpoint and am currently trying to figure out how the authentication and authorization work. Most examples are quite simple as they only piggyb

相关标签:
2条回答
  • 2021-02-04 19:11

    It all depends upon the JAX-RS implementation you're using. I'm using Jersey on embedded Jetty.

    SecurityHandler sh = new SecurityHandler();
    
    // the UserRealm is the collection of users, and a mechanism to determine if
    // provided credentials are valid
    sh.setUserRealm(new MyUserRealm());
    
    // the Authenticator is a strategy for extracting authentication credentials
    // from the request. BasicAuthenticator uses HTTP Basic Auth
    sh.setAuthenticator(new BasicAuthenticator());
    

    See How to Configure Security with Embedded Jetty

    Once you have the Principal in the HttpServletRequest, you can inject these into the context of the JAX-RS request.

    public abstract class AbstractResource {
        private Principal principal;
        @Context
        public void setSecurityContext(SecurityContext context) {
            principal = context.getUserPrincipal();
        }
        protected Principal getPrincipal() {
            return principal;
        }
    }
    
    @Path("/some/path")
    public class MyResource extends AbstractResource {
        @GET
        public Object get() {
            Principal user = this.getPrincipal();
            // etc
        }
    }
    
    0 讨论(0)
  • 2021-02-04 19:29

    Disclaimer: Don't role your own security framework unless you really, really, really, need one.

    Look at what the OAuth filter in Jersey does. It reads the Authorization header which holds credentials in a different format than those normally understood (HTTP Basic). It'll turn those credentials into roles which you can then use to implement security (@RolesAllowed) if you add in the Roles Allowed Filter which does the actually enforcement. Try looking at how those filters work.

    0 讨论(0)
提交回复
热议问题