Generally, your container manages security (i.e. web.xml)
For example, in glassfish, I configure security for a specific context
to use a specific realm, which is defined in glassfish to be a JDBC realm.
There may be other options, but I believe this is the most common
Casper Bang wrote:
> I am using an authorization scheme where username and md5 hash of the
> password is the top-level context of my service:
>
> http://www.mysite.com/myjerseyapp/{username}:{md5}/
> <http://www.mysite.com/myjerseyapp/%7Busername%7D:%7Bmd5%7D/>
>
> And it occurred to me I might be able to use basic http authentication
> instead to conform to the existing standard. This would also
> automatically pop-up an authorization dialog if people access my
> resource without specifying credentials:
>
> http://{username}:{md5}@www.mysite.com/myjerseyapp/
> <http://username%7D:%7Bmd5%7D@www.mysite.com/myjerseyapp/>
>
> However I can't find an example of setting this up with Jersey. I can
> add some security-constraints to Tomcat's web.xml and use static user
> info, but how would I intercept and pass along credentials to be
> authorized dynamically, say in a database?
>
> Thanks in advance,
> Casper