users@jersey.java.net

[Jersey] Re: Access control and Jersey

From: algermissen1971 <algermissen1971_at_mac.com>
Date: Fri, 10 Jan 2014 06:11:59 +0100

On 09.01.2014, at 22:24, Joseph Mocker <mock_at_fakebelieve.org> wrote:

> Hi,
>
> I was just curious what folks have been using to secure and provide access control for Jersey-based REST services? In the past, I’ve used Spring Security, which was relatively well integrated into the Jersey 1.x codebase, and was pretty flexible for what I wanted to do.
>
> Was just curious what other folks have done.

I have been following Eran Hammer's[1] developments and did some of his stuff in Java.

[2] Contains all the relevant links IIRC.

A JAX-RS 2.0 client filter you find at [3] and I have a server side filter which is almost done, but not published. I could send that if you like to play with it.

I am using the whole technology for securing the REST API of an eCommerce site - what fascinates me the most is the stateless authentication Eran designed, you really do not have to bother with a credentials database in your service applications.

Feel free to get in touch off-list if you like to chat.

Jan

[1] https://github.com/hueniverse
[2] http://www.jalg.net/2013/05/beyond-oauth/
[3] https://github.com/algermissen/hawkj-jaxrs-client

>
> I know this is a pretty broad question; more specifically, given a user base, provide the ability to limit access to specific resources to specific individuals and groups.
>
> —joe
>
>