users@jersey.java.net

Re: [Jersey] Jersey client and JAAS

From: Paul Sandoz <Paul.Sandoz_at_oracle.com>
Date: Fri, 6 Aug 2010 10:39:01 +0200

Hi Vaidya,

The Jersey client is not aware of being utilized within the context of
a JAAS "transaction" nor is it aware what HTTP authentication
mechanism to utilize. One could add a JAASFilter to the web resource
and provide the context and the HTTP authentication details.

From what you describe I think from an HTTP perspective what you
require is cookie management support, such that the client remembers
the cookies that were sent by the server that it must send back to the
server for certain URIs. By default the Jersey client does not support
cookie management, because the underlying HttpURLConnection does not,
but you can utilize the Apache HTTP client support which can manage
cookies, see:

   https://jersey.dev.java.net/nonav/documentation/latest/user-guide.html#core_client
   https://jersey.dev.java.net/nonav/apidocs/latest/contribs/jersey-apache-client/index.html

Paul.

On Aug 5, 2010, at 9:37 PM, vaidya nathan wrote:

> Hi,
>
> How do I use the Jersey client with a JAAS kind of authorization?
> My setup is that I have Jersey resources wrapping EJBs which have JAAS
> security in JBoss 5.1 and I want to use the Jersey client (1.1.5) to hit
> them.
>
> I can hit my services directly like this, and this is how my tests
> currently work:
>
>     Login login = new Login();
>     login.login("bootstrap", "bootpass", "127.0.0.1");
>     Subject subject = login.getSubject();
>     Subject.doAs(subject, new PrivilegedExceptionAction() {
>         public Object run() throws Exception {
>             // hit service directly with no problem .. The subject gets passed
>             // in appropriately and the EJBs have no auth. problems.
>         }
>     });
>
> However, after wrapping the services with resources, when I try the
> same with my Jersey client like this:
>
>     Login login = new Login();
>     login.login("bootstrap", "bootpass", "127.0.0.1");
>     Subject subject = login.getSubject();
>     Subject.doAs(subject, new PrivilegedExceptionAction() {
>         public Object run() throws Exception {
>             WebResource webResource = new Client().resource(
>                     /* some local uri which in turn calls the EJB beans */);
>             try {
>                 webResource.addFilter(new LoggingFilter());
>                 ClientResponse resp = webResource
>                         .accept(MediaType.APPLICATION_JSON)
>                         .type(MediaType.APPLICATION_XML)
>                         .get(ClientResponse.class);
>             }
>         }
>     });
>
> I get a "Caller Unauthorized" error. Why isn't the Jersey client
> passing the Subject? If I add Cookie as a header specifically then it
> works, but I don't want to keep logging in through the browser and
> inputting the JSESSION_ID parameter every time, especially when
> these are regression tests. If there is a way in which I can get the
> jsession_id programmatically then I can consider that option as well.
>
> Cheers
> Vaidya
>
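
Cookie handling with the Apache-backed Jersey client mentioned in the reply, as an added example that is not part of the original thread or of the Jersey project's code. It assumes Jersey 1.x with the jersey-apache-client contrib module and a servlet FORM login (`j_security_check`); the base URI, the `/resources/protected` path and the `TEST_USER`/`TEST_PASSWORD` environment variables are hypothetical.

```java
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.representation.Form;
import com.sun.jersey.client.apache.ApacheHttpClient;
import com.sun.jersey.client.apache.config.ApacheHttpClientConfig;
import com.sun.jersey.client.apache.config.DefaultApacheHttpClientConfig;
import javax.ws.rs.core.MediaType;

public class CookieSessionClient {
    // Hypothetical base URI; replace with the deployment under test.
    static final String BASE = "http://127.0.0.1:8080/app";

    /** Builds a client whose underlying Apache HttpClient stores and replays cookies. */
    static ApacheHttpClient newCookieClient() {
        DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
        config.getProperties().put(ApacheHttpClientConfig.PROPERTY_HANDLE_COOKIES, Boolean.TRUE);
        return ApacheHttpClient.create(config);
    }

    /** Assumed servlet FORM login: touch a protected URI, then post j_security_check. */
    static int login(ApacheHttpClient client, String user, String password) {
        // The first request creates the session; the container answers with its login page.
        client.resource(BASE + "/resources/protected").get(ClientResponse.class).close();
        Form form = new Form();
        form.add("j_username", user);
        form.add("j_password", password);
        ClientResponse resp = client.resource(BASE + "/j_security_check")
                .type(MediaType.APPLICATION_FORM_URLENCODED)
                .post(ClientResponse.class, form);
        int status = resp.getStatus();
        resp.close();
        return status; // commonly a redirect back to the protected URI on success
    }

    public static void main(String[] args) {
        // Credentials come from the environment so they stay out of the test sources.
        String user = System.getenv("TEST_USER");
        String password = System.getenv("TEST_PASSWORD");
        ApacheHttpClient client = newCookieClient();
        System.out.println("login status: " + login(client, user, password));
        // Same client instance: the stored session cookie is sent automatically.
        WebResource resource = client.resource(BASE + "/resources/protected");
        ClientResponse resp = resource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
        System.out.println("resource status: " + resp.getStatus());
        resp.close();
        client.destroy();
    }
}
```

The session cookie lives in the client instance, so a regression suite should create one client per test identity and destroy it afterwards rather than sharing it across users.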