users@jersey.java.net

Re: [Jersey] Jersey and (dynamic) basic authentication?

From: Craig McClanahan <Craig.McClanahan_at_Sun.COM>
Date: Tue, 24 Mar 2009 14:36:53 -0700

Alex Sherwin wrote:
> Generally, your container manages security (i.e. web.xml)
>
> For example, in glassfish, I configure security for a specific context
> to use a specific realm, which is defined in glassfish to be a JDBC
> realm.
>
> There may be other options, but I believe this is the most common
>
>
> Casper Bang wrote:
>> I am using an authorization scheme where username and md5 hash of the
>> password is the top-level context of my service:
>>
>> http://www.mysite.com/myjerseyapp/{username}:{md5}/
>>
>> And it occurred to me I might be able to use basic http
>> authentication instead to conform to the existing standard. This
>> would also automatically pop-up an authorization dialog if people
>> access my resource without specifying credentials:
>>
>> http://{username}:{md5}@www.mysite.com/myjerseyapp/
>>
>> However I can't find an example of setting this up with Jersey. I can
>> add some security-constraints to Tomcat's web.xml and use static user
>> info, but how would I intercept and pass along credentials to be
>> authorized dynamically, say in a database?
>>
For Tomcat specifically, see the documentation on "Realms" starting at
<http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html>. This is
configured inside a <Context> element in your server.xml file. If your
authentication information is in a database, you'll probably be most
interested in JDBCRealm, which lets you configure Tomcat for what table
to look at, and what column names contain the username and password.
Note that, in addition to authentication, you can also use this approach
to support authorization through assigning roles to users.

An alternative approach that would be independent of any particular
servlet container (but dependent on Jersey features) would be to write a
Jersey per-request filter to perform the authentication and
authorization duties. An example of this can be found in the
samples/atompub-contacts-server in the Jersey sources.

>> Thanks in advance,
>> Casper
>
Craig
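Added example of the container-managed route described above (not code from the original thread or the Tomcat docs): a JDBCRealm declared in the webapp's Context plus the web.xml security-constraint that switches the service to HTTP Basic. The JDBC URL, database account, table and column names are assumptions to be replaced with your own.

```xml
<!-- server.xml (Tomcat 6): the realm is declared inside the webapp's Context.
     Driver, URL, account and table/column names below are assumptions. -->
<Context path="/myjerseyapp" docBase="myjerseyapp">
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/authority"
         connectionName="tomcat_auth" connectionPassword="change-me"
         userTable="users"          userNameCol="username" userCredCol="credential"
         userRoleTable="user_roles" roleNameCol="role" />
</Context>

<!-- web.xml: which paths need credentials, which role they need, and Basic auth. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>jersey-api</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Basic auth only base64-encodes the credential; require TLS so it is not
         readable on the wire. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myjerseyapp</realm-name>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
```

Two things to check before relying on this. First, what the client sends and what the column holds must match after the realm's processing: with no `digest` attribute Tomcat compares the Basic password verbatim with `userCredCol`, which fits the existing scheme where the client already sends the MD5 hex; if clients instead send the plaintext password, set `digest="MD5"` so Tomcat hashes it before comparing. Second, JDBCRealm drives all lookups through a single shared JDBC connection, so the Realm how-to points to DataSourceRealm (a JNDI-pooled DataSource) for anything beyond light load.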
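Added example of the container-independent route (my code, not the atompub-contacts-server sample): a Jersey 1.x per-request filter that parses the Basic `Authorization` header, checks the credential against a database through a JNDI DataSource, and installs a SecurityContext so resources can use `@Context SecurityContext` and role checks. The package name, JNDI name `java:comp/env/jdbc/users`, and the `users`/`user_roles` tables are assumptions; the Jersey classes are the 1.x `com.sun.jersey` API in use when this thread was written.

```java
// Added example: Jersey 1.x per-request filter doing HTTP Basic authentication
// against a database. Package, JNDI name and table/column names are assumptions.
package example.security;

import java.nio.charset.Charset;
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.xml.bind.DatatypeConverter;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

public class BasicAuthFilter implements ContainerRequestFilter {

    private static final Charset UTF8 = Charset.forName("UTF-8");
    private static final String REALM = "myjerseyapp";                 // assumed realm name
    private static final String DS_NAME = "java:comp/env/jdbc/users";  // assumed JNDI DataSource

    public ContainerRequest filter(ContainerRequest request) {
        String header = request.getHeaderValue("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw unauthorized();  // no credentials: the 401 challenge makes browsers prompt
        }
        String decoded;
        try {
            decoded = new String(DatatypeConverter.parseBase64Binary(header.substring(6).trim()), UTF8);
        } catch (IllegalArgumentException e) {
            throw unauthorized();  // malformed base64
        }
        int colon = decoded.indexOf(':');
        if (colon <= 0) {
            throw unauthorized();  // "user:credential" shape required
        }
        String username = decoded.substring(0, colon);
        String credential = decoded.substring(colon + 1);
        Set<String> roles = authenticate(username, credential);
        if (roles == null) {
            throw unauthorized();
        }
        request.setSecurityContext(new DbSecurityContext(username, roles, request.isSecure()));
        return request;
    }

    /** Returns the user's roles on success, null on any failure (same response either way). */
    private Set<String> authenticate(String username, String credential) {
        Connection con = null;
        try {
            DataSource ds = (DataSource) new InitialContext().lookup(DS_NAME);
            con = ds.getConnection();
            // Parameterised: the username is attacker-controlled input.
            PreparedStatement ps = con.prepareStatement("SELECT credential FROM users WHERE username = ?");
            ps.setString(1, username);
            ResultSet rs = ps.executeQuery();
            String stored = rs.next() ? rs.getString(1) : null;
            rs.close(); ps.close();
            if (stored == null || !constantTimeEquals(stored, credential)) {
                return null;  // unknown user or wrong credential
            }
            Set<String> roles = new HashSet<String>();
            ps = con.prepareStatement("SELECT role FROM user_roles WHERE username = ?");
            ps.setString(1, username);
            rs = ps.executeQuery();
            while (rs.next()) {
                roles.add(rs.getString(1));
            }
            rs.close(); ps.close();
            return roles;
        } catch (NamingException e) {
            throw new WebApplicationException(e, 500);
        } catch (SQLException e) {
            throw new WebApplicationException(e, 500);
        } finally {
            if (con != null) { try { con.close(); } catch (SQLException ignored) { } }
        }
    }

    /** Compares every byte so response time does not leak how long the matching prefix is. */
    static boolean constantTimeEquals(String a, String b) {
        byte[] x = a.getBytes(UTF8), y = b.getBytes(UTF8);
        int diff = x.length ^ y.length;
        for (int i = 0; i < x.length && i < y.length; i++) {
            diff |= x[i] ^ y[i];
        }
        return diff == 0;
    }

    private static WebApplicationException unauthorized() {
        return new WebApplicationException(Response.status(401)
                .header("WWW-Authenticate", "Basic realm=\"" + REALM + "\"").build());
    }

    /** What resources see through @Context SecurityContext after the filter has run. */
    private static final class DbSecurityContext implements SecurityContext {
        private final Principal principal;
        private final Set<String> roles;
        private final boolean secure;

        DbSecurityContext(final String name, Set<String> roles, boolean secure) {
            this.principal = new Principal() { public String getName() { return name; } };
            this.roles = roles;
            this.secure = secure;
        }
        public Principal getUserPrincipal() { return principal; }
        public boolean isUserInRole(String role) { return roles.contains(role); }
        public boolean isSecure() { return secure; }
        public String getAuthenticationScheme() { return SecurityContext.BASIC_AUTH; }
    }
}
```

Register the filter on the Jersey servlet with the init-param `com.sun.jersey.spi.container.ContainerRequestFilters` set to `example.security.BasicAuthFilter`; resources then inject `@Context SecurityContext` and call `isUserInRole(...)` for authorization. Note that with the existing scheme the MD5 of the password is the credential the client sends, so it is a long-lived secret in its own right: the filter should only be reachable over TLS, and storing a salted, server-side hash of what the client sends (rather than comparing the value verbatim) limits the damage if the table leaks.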

>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>