users@jersey.java.net

[Jersey] HTTPDigestAuthFilter

From: tomaz <tomaz.majerhold_at_arnes.si>
Date: Thu, 04 Apr 2013 11:07:15 +0200

I'm trying to secure REST service on Glassfish with DIGEST config, and on client side I'm trying with HTTPDigestAuthFilter, but from server I get This
request requires HTTP authentication ():

server LOG:
---------------
FINE: Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule
SEVERE: SEC1105: A PasswordCredential was required but not provided.
FINE: JAAS authentication aborted.
INFO: SEC5046: Audit: Authentication refused for
WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: No credentials.



Environment:
--------------
OS := Windows
java := 1.6.0_10
glassfish := GlassFish Server Open Source Edition 3.1.2.2 (build 5)
jersey := 1.11.1-1.0


glassfish web.xml:
------------------
...
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
....

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>users</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>DIGEST</auth-method>
          <realm-name>file</realm-name>
</login-config>

<security-role>
          <role-name>users</role-name>
</security-role>


file Realm:
-------------
I add user and group for that user


Client side:
---------------

<dependency>
        <groupId>com.sun.jersey</groupId>
        <artifactId>jersey-client</artifactId>
        <version>1.17</version>
        <type>jar</type>
</dependency>

and in java code I have

com.sun.jersey.api.client.Client client = Client.create(new DefaultClientConfig());
client.addFilter(new HTTPDigestAuthFilter(user, pass));

HTTP request:
--------------
PUT /upis-api-server/users/jguli3/expired/notify HTTP/1.1
Accept: application/xml
Authorization: Digest
username="script",realm="file",nonce="1365066105656:9a1b10ce7c06c77ccbb6cda0d205ef3260bb123c0ec38c43bd59ad614fef3866",opaque="DBE472A52B1B054DC4487F06F86FA637",qop=auth,uri="/upis-api-server/users/jguli3/expired/notify",cnonce="e39f4539",nc=00000001,response="1cb4ccde1c45611f11ee5148d3b2e319"
User-Agent: Java/1.6.0_10
Host: localhost:9090
Connection: keep-alive

HTTP response:
--------------
HTTP/1.1 401 Unauthorized
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
WWW-Authenticate: Digest realm="file", qop="auth", nonce="1365066105937:dbb84e1f02dc5f90d2e85b90b395f5d84338d5e038fecc620619c1042b18fae8",
opaque="DBE472A52B1B054DC4487F06F86FA637"
Content-Type: text/html

Summery:
---------
When I'm using BASIC auth then everything work fine, but when I'm switching to DIGEST then no auth far call:
SEVERE: SEC1105: A PasswordCredential was required but not provided.


Is there any working example, or what I'm doing wrong

Regards, Tomaz
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.