OK. So let me see if I understand what you’re suggesting: I already have client and server communicating with each other by sending XML requests via Jersey with a servlet implemented in web.xml.
So in addition to this, I would need a filter set to intercept request with a url pattern /rest/*. This filter can then call an authentication method.
This authentication method would have to reply to the client advising of user number for subsequent requests, but it could also write to a hashmap<userNumber, expiryDatetime> or database table, which records authenticated users.
I would then have a program running every hour or so which could then remove users from the hashmap, or delete them from the table, when their expiry datetime is met?
Does this sound viable?
From: Matthew Hall [mailto:mhall_at_mhcomputing.net]
Sent: 18 Jul 2013 16 19
To: users_at_jersey.java.net; Martin O'Shea
Subject: [Jersey] Re: Authenticating a REST user with Tomcat
You can store sessions in a hash with an expiry time, and then toss out expired requests with a Filter injected in the request path. LinkedHashMap is a good tool for tracking things which need to get cached and expired. You could also use memcache, Redis, etc.
--
Sent from my mobile device.
Martin O'Shea <appy74_at_dsl.pipex.com> wrote:
Hello
I am a REST newbie and I’m in the process of setting up a web service with Jersey. I already have client and server communicating with each other by sending XML requests. And I would like the user of the client, an android app, to be authenticated by the server for a set period of time and then have to re-authenticate after that time has expired.
Can anyone suggest anything?
Thanks
Martin O’Shea.