users@jersey.java.net

Re: [Jersey] x.509 security question

From: John Calcote <john.calcote_at_gmail.com>
Date: Wed, 08 Sep 2010 13:40:24 -0600

 Martin,

Thanks very much. This looks like the right way to go. I'll just extend
ResourceFilterFactory with my own SecurityAuthorizer class.

I can see how you'd configure this resource filter factory in the server
init method for normal jersey servlets, but I also happen to be using
Jersey Spring support, so I'm injecting my initialization code. Now I'll
have to figure out how to inject the ResourceFilterFactory into the init
path.

Regards,
John

On 9/8/2010 12:37 PM, Martin Matula wrote:
> Hi John,
> Instead of adding a static call to each method, you can implement it
> using a filter. For example, look at the
> RolesAllowedResourceFilterFactory
> (https://jersey.dev.java.net/nonav/apidocs/1.4-SNAPSHOT/jersey/index.html?com/sun/jersey/api/core/DefaultResourceConfig.html)
> or the OAuthServerFilter
> (https://jersey.dev.java.net/nonav/apidocs/1.4-SNAPSHOT/contribs/jersey-oauth/oauth-server/index.html).
> Martin
>
> On Sep 8, 2010, at 8:14 PM, John Calcote wrote:
>
>> Hi all -
>>
>> I'm working on a service that restricts all access to a single user,
>> identified by x.509 certificate. Thus, authentication is certificate
>> based, and authorization for that user must be done on each service
>> endpoint within the service.
>>
>> What I'd like to hear is that there's an access point provided by jersey
>> for authorizing any attempt to access a given service. Is this possible?
>> If not, then my approach would be to add a static call to the top of
>> each endpoint that potentially throws a WebApplicationException(401) if
>> the user is unauthorized.
>>
>> Any advice would be much appreciated.
>>
>> Thanks in advance,
>> John
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.