users@jersey.java.net

Container-based security <was> Re: HttpSession

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Tue, 08 Apr 2008 14:07:55 +0200

Some more info... if you modify the web.xml security and change it from
FORM to BASIC, for example:

     <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>admin</realm-name>
     </login-config>

you will utilize authentication that does not break REST constraints.
You will notice that the browser pops up a dialog box to enter the user
name and password. For example, if you undeploy and redeploy the app
then you don't have to re-log-in because the application is no longer
dependent on previous requests.

Hope all this helps, it has been rather instructive for myself as well
playing with all this. The web container configuration is a little
easier than I originally thought...

Paul.

Paul Sandoz wrote:
> Paul Sandoz wrote:
>> You might find this article helpful:
>>
>> http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
>>
>> if you want to use standard form-based security using a Web
>> container rather than doing your own thing. But I need to verify
>> whether it is compatible with Jersey....
>>
>
> I just verified, based on this example, I can use the form-based
> authentication with Glassfish and JAX-RS resources.
>
> Attached is a very simple example. If using Glassfish you need to
> configure GF to map the role name "admin" to a user called "admin". Use
> the admin console and go to the Configuration->Security->Realms->file and
> add a user whose ID is "admin".
>
> Paul.
>
>> Paul.
>>
>>> Jon
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Jonathan Cook - Online
>>> *Sent:* 04 April 2008 14:11
>>> *To:* users_at_jersey.dev.java.net
>>> *Subject:* HttpSession
>>>
>>> Hi,
>>>
>>> Probably a very simple question so apologies in advance but can you
>>> get at the HttpSession from within a resource class in a similar way
>>> that a Servlet class can?
>>>
>>> For example if people are logging on to an application with
>>> username/password could I store their username in the session. Maybe
>>> this goes against some RESTful principles and there is a different
>>> approach for this type of stuff but it's all quite new to me.
>>>
>>> Thanks
>>> Jon
>>>
>>
>
>

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109
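
For reference, a security section of web.xml showing where the BASIC login-config from the message above sits, with the FORM variant from the earlier message kept beside it as a comment. This is an added example, not the attachment from the thread; the /resources/* URL pattern, the login.jsp and error.jsp page names, and the transport guarantee are assumptions, and the servlet mapping for Jersey is omitted.

```xml
<!-- Added example, not the attachment from the thread. Assumed names: the
     /resources/* URL pattern and the login/error page paths. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>JAX-RS resources</web-resource-name>
            <url-pattern>/resources/*</url-pattern>
            <!-- No http-method elements: the constraint covers every method. -->
        </web-resource-collection>
        <auth-constraint>
            <!-- Role name from the thread; the container maps it to users. -->
            <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
            <!-- BASIC sends the password base64-encoded (not encrypted) on
                 every request, so require TLS for the protected URLs. -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Stateless: credentials travel with each request, so nothing depends
         on an HttpSession surviving a redeploy. -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>admin</realm-name>
    </login-config>

    <!-- Session-based alternative discussed earlier in the thread:
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    -->

    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>
```

With either method the authenticated user name is available to a resource class from the request's user principal, so it does not have to be stored in the session by the application.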