users@jersey.java.net

[Jersey] Is there a Basic Auth server example?

From: Robert DiFalco <robert.difalco_at_gmail.com>
Date: Thu, 20 Mar 2014 11:20:22 -0700

I'd like to use basic auth on my J2SE/Grizzly Jersey server. I am not using
J2EE security.

Essentially, I just want a simple way to delegate Basic Auth checks to
database lookups.

Are there any examples of this? I think I know how to write it on my own
but I don't want to reinvent the wheel.

Without guidance I would take the following approach:


   1. Set up an annotation for @ApiAuth or @UserAuth that I can use to
   annotate resource request methods.
   2. Create a filter that takes the "authorization" header and base64-decodes
   the value. If the method is @ApiAuth then verify it matches my static API's
   API_KEY and API_SECRET.
   3. If it is @UserAuth, ensure the value matches the user intended for the
   URL. These usually take the form of "/user/1/some_user_resource" where 1 is
   the primary key of the user. So I would look up the user credentials at id
   1 and ensure they match the user and password in the header.
   4. If either of these doesn't match, raise a not authorized exception.


That's pretty much it, sans some caching and edge cases. Should I just
implement this, or are there Jersey-provided classes I'm not aware of or a
better approach to take?

Thanks!
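
The @UserAuth half of the approach outlined above, as an added example that is not code from the original post or from the Jersey project. It uses the standard JAX-RS 2.0 name-binding and ContainerRequestFilter APIs; `CredentialStore`, the `id` path-template name, the `api` realm and UTF-8 decoding are assumptions made for illustration, and an @ApiAuth filter would have the same shape with a constant-time comparison against the static key and secret.

```java
import java.lang.annotation.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.annotation.Priority;
import javax.ws.rs.NameBinding;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.*;
import javax.ws.rs.core.*;

// Step 1: name-binding annotation, so the filter runs only on annotated resource methods.
// Package-private here to keep one file; resources are assumed to share the package.
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@interface UserAuth {}

// Hypothetical database lookup; implement it against salted password hashes.
interface CredentialStore {
    boolean matches(String userId, String username, String password);
}

@UserAuth
@Priority(Priorities.AUTHENTICATION)
public class UserAuthFilter implements ContainerRequestFilter {
    private final CredentialStore store;

    public UserAuthFilter(CredentialStore store) { this.store = store; }

    @Override
    public void filter(ContainerRequestContext ctx) {
        // Assumes resource paths declared as "/user/{id}/..."; "id" is an assumed template name.
        String id = ctx.getUriInfo().getPathParameters().getFirst("id");
        String[] cred = parse(ctx.getHeaderString(HttpHeaders.AUTHORIZATION));
        if (id == null || cred == null || !store.matches(id, cred[0], cred[1])) {
            // Step 4: one 401 for every failure, so the reply does not reveal which check failed.
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"api\"").build());
        }
    }

    // Steps 2-3: returns {username, password}, or null for a missing or malformed header.
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8); // charset is an assumption
            int colon = pair.indexOf(':'); // split at the first ':'; the password may contain more
            return colon < 0 ? null
                    : new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
    }
}
```

Register an instance with the application, for example `new ResourceConfig().register(new UserAuthFilter(store))`. Basic credentials are only base64-encoded, so the Grizzly listener needs TLS for this check to protect anything.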