Authentication in Jersey

一世执手 提交于 2019-12-07 09:16:21

问题


I want to implement authentication for my Jersey0based server/client REST but I'm not sure how exactly to lay out the code.

Basically for every operation I have 2 methods - 1 from the server side, 1 from the client side.

I've narrowed down the algorithm - I'm going to use the amazon strategy with HMAC.

The question is how to lay out this in the code - should I add the authentication (encryption/decryption code) into every method - both server/client side or should I have one "dispatch" method on both sides which would perform the encryption/decryption and then will transfer execution control to a more specialized version that way I will have 1 central place where authentication is done in both the client or the server?

I'm willing to hear your comments on that?


回答1:


Client side:

You just need to create ClientFilter and add it to the filter chain. You can have two clients (or more) for example one for authenticated requests and other one for other requests, so you should not waste any resources.

see http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/api/client/filter/ClientFilter.html

Server side:

Similar to server side, you can implement Request/ResponseContainerFilter(s), which will handle authentication. These filters are global by default, but you can narrow down its scope by implementing ResourceFilterFactory and attach then only to appropriate resources (endpoints).

Or you could have 2 wars, one for "secure" resources and one for other.

see
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ResourceFilterFactory.html
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerResponseFilter.html



来源:https://stackoverflow.com/questions/9462955/authentication-in-jersey

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!