Answering my own question, looks like it was possible via a custom
ResourceFilterFactory. I took the example code from the SecurityFilter
ContainerRequestFilter and adapted it to be a ResourceFilterFactory instead.
Here's the updated sample code:
http://pastie.org/1530248
From here it should hopefully be straightforward to check for the presence
of oAuth as well as the http auth headers in order to support both
mechanisms.
Ed
On Fri, Feb 4, 2011 at 12:39 PM, Ed Anuff <ed_at_anuff.com> wrote:
>
> I'm wondering how to do the following. I'd like to, at the resource level,
> be able to check the headers and perform authorization based on either
> supplied basic auth or oauth credentials. I looked at the SecurityFilter
> example in atompub-contacts-server and https-clientserver-grizzly, and
> that's the type of check I want to do, except that I need to use some path
> parameters before I do that sort of check. As a last resort, I suppose I
> could parse the path, but it seems like this would be something to try to do
> with ResourceFilter. An good examples I should look at?
>
> Ed
>