Accessing Security by Service Layer Clients

Service Layer clients will deploy service layer to middle-ware container such as Weblogic, Websphere or Tomcat Servlet container. The clients can pass username and Base64 encoded password as Authorization header via Java, JavaScript (or JQuery) client. If the client is a browser then most of the browsers ignore Authorization headers and would prompt with browser authentication dialog.

The user, password exchange has to be over HTTPS to be more secured.

Here is a sample REST Client in JQuery.

jquery Client
`<!DOCTYPE html>` `<html>` `<head>` `<title>Service Layer jQuery</title>` `<script src="></script>` `<script>` `$(document).ready(function() {` `$.ajax({` `beforeSend:` `function` `(xhr) {` `xhr.setRequestHeader ("Authorization",` `"Basic "` `+ btoa('username:Password'));` `},` `type:` `"GET",` `crossDomain:` `true,` `contentType:` `"application/json; charset=utf-8",` `dataType:` `'json',` `async:` `false,` `cache:` `false,` `url:` `",` `success:` `function(data) {` `console.log('success'` `+ JSON.stringify(data) );` `$("#results").append(JSON.stringify(data));` `},` `error:` `function(data) {` `console.log('error'` `+ JSON.stringify(data) );` `$("#results").append(data);` `}` `})` `});` `</script>` `</head>` `<body>` `<div>` `<p id="results">The content is </p>` `</div>` `</body>` `</html>`

jquery Client

<!DOCTYPE html>
                                                            

<html>
                                                            

 <head>
                                                            

 <title>Service Layer jQuery</title>
                                                            

 <script src="></script>
                                                            

 <script>
                                                            

 $(document).ready(function() {
                                                            

 $.ajax({
                                                            

 beforeSend: function (xhr) {
                                                            

 xhr.setRequestHeader ("Authorization", "Basic " + btoa('username:Password'));
                                                            

},

 type: "GET",
                                                            

 crossDomain: true,
                                                            

 contentType: "application/json; charset=utf-8",
                                                            

 dataType: 'json',
                                                            

 async: false,
                                                            

 cache: false,
                                                            

 url: ",
                                                            

 success: function(data) {
                                                            

 console.log('success' + JSON.stringify(data) );
                                                            

 $("#results").append(JSON.stringify(data));
                                                            

},

 error: function(data) {
                                                            

 console.log('error' + JSON.stringify(data) );
                                                            

 $("#results").append(data);
                                                            

}

})

});

 </script>
                                                            

 </head>
                                                            

 <body>
                                                            

 <div>
                                                            

 <p id="results">The content is </p>
                                                            

 </div>
                                                            

 </body>
                                                            

</html>
                                                            