users@jersey.java.net

Re: security and auditing based on client SSL certificates

From: Martin Grotzke <martin.grotzke_at_javakaffee.de>
Date: Mon, 31 Mar 2008 11:50:52 +0200

On Sat, 2008-03-29 at 07:50 +0100, Gabor Szokoli wrote:
> Furthermore, my resource class should be aware of some identifyer of
> the client. (audit logs must be produced about every resource access)
Auditing may also be achieved via a servlet filter, that is mapped to
the jersey servlet. The filter might access the principal or read some
http header providing some application-ID and stores this information
together with the request URI and http method in the database.

Cheers,
Martin


On Sat, 2008-03-29 at 07:50 +0100, Gabor Szokoli wrote:
> Hi,
>
> Might be more of an Application Server question than a Jersey
> question, but you guys can probably at least help me phrase that
> question propery :-)
>
> I have implemented a simple web service with jersey, deploy it to
> GlassFish with the ServletContainer.
> I'd like to completely restrict access to the web service to clients
> with approved SSL certificates. (This is purely a Glassfish issue I
> assume)
> Furthermore, my resource class should be aware of some identifyer of
> the client. (audit logs must be produced about every resource access)
>
> Where do I start looking?
>
>
> Gabor Szokoli
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>