users@jersey.java.net

[Jersey] Re: Two legged Oauth 1 server example

From: Sobieralski, Damian Michael <dsobiera_at_indiana.edu>
Date: Thu, 24 Jul 2014 15:54:38 +0000

Any idea how others are using OAuth w/ Jersey if not through its own hooks? I read somewhere that there might be a Spring way to put OAuth on top of Jersey. My Jersey webservice isn’t Springified but I can do that if this gives me a better path to OAuth.

I have zero preference w/ OAuth 1 vs 2. I just want a 2-legged implementation no matter how I do it. For what it is worth knowing, this is sitting in a Tomcat container.


From: Ted M. Young [@jitterted] [mailto:tedyoung_at_gmail.com]
Sent: Wednesday, July 23, 2014 10:48 PM
To: users_at_jersey.java.net
Subject: [Jersey] Re: Two legged Oauth 1 server example

Couldn't find much either, except for this: https://java.net/projects/jersey/lists/users/archive/2014-05/message/77 and http://jersey.576304.n2.nabble.com/OAuth-1-server-example-td7582128.html
Which seems to indicate that perhaps nobody's using it?

;ted


--
Ted M. Young
about.me/tedmyoung







On Wed, Jul 23, 2014 at 12:49 PM, Sobieralski, Damian Michael <dsobiera_at_indiana.edu> wrote:
I'm new to Jersey. But so far I am loving it! I have implemented a very basic RESTful webservice using Jersey 2.10.

I've reached a point where I need to secure my webservice in some fashion. OAuth 1 seems like a good choice at first glance. However, I don't need 3-legged. The consumers of my webservice are within my own company so a 2-legged approach will suffice.

However, I cannot for the life of me find an example of how to do this (2- or 3-legged). The docs do a really good job starting out explaining OAuth but sort of leave it as an exercise to the user to finish an implementation :(

https://jersey.java.net/documentation/latest/security.html#d0e10929

I don't see how to actually secure my Java webservice class - the thing with:

@GET
@Produces( { MediaType.APPLICATION_JSON, MediaType.TEXT_XML, MediaType.TEXT_PLAIN, MediaType.TEXT_HTML })

nor do I see how to set up the /oauth starting path and using the consumer and secret keys. Is there an annotation that I use in my webservice methods to secure it? Or some check that I need to do at the start of my method to make sure a 2-legged OAuth session has passed the mustard?

I thought I found this as an example but this doesn't seem to be complete for me to use it.

http://stackoverflow.com/questions/2795404/authentication-and-authorization-for-restfull-api-java-jersery

Will a kind soul offer a link to an example or preferably a trivial code/config example to give me a boost in the right direction in implementing a 2 legged server approach in Jersey 2?

Thanks!

- Damian
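
Added example (not part of the thread, and not Jersey's own OAuth API): what a 2-legged OAuth 1 check has to verify per RFC 5849, namely an HMAC-SHA1 signature keyed with the consumer secret and an empty token secret. The class name, consumer key, secret and URI are constructed; it assumes one value per parameter name, and consumer-secret lookup and timestamp/nonce replay checks are left out.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Hypothetical helper written for this example; plain JDK, no Jersey classes.
public class TwoLeggedOAuth1Check {
    // RFC 5849 section 3.6 percent-encoding (URLEncoder differs for ' ', '*' and '~').
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8")
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // params: decoded query/form parameters plus the oauth_* protocol parameters.
    static String sign(String method, String baseUri, Map<String, String> params,
                       String consumerSecret) throws Exception {
        TreeMap<String, String> sorted = new TreeMap<>();   // sorted by encoded name
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (!e.getKey().equals("oauth_signature") && !e.getKey().equals("realm"))
                sorted.put(enc(e.getKey()), enc(e.getValue()));
        }
        StringBuilder norm = new StringBuilder();
        for (Map.Entry<String, String> e : sorted.entrySet()) {
            if (norm.length() > 0) norm.append('&');
            norm.append(e.getKey()).append('=').append(e.getValue());
        }
        String base = method.toUpperCase() + "&" + enc(baseUri) + "&" + enc(norm.toString());
        // Two-legged: there is no token, so the token-secret half of the key is empty.
        String key = enc(consumerSecret) + "&";
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }
    static boolean verify(String method, String baseUri, Map<String, String> params, String secret) throws Exception {
        String supplied = params.get("oauth_signature");
        if (supplied == null || secret == null) return false;   // unsigned or unknown consumer
        byte[] expected = sign(method, baseUri, params, secret).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied.getBytes(StandardCharsets.UTF_8)); // constant-time
    }
    public static void main(String[] args) throws Exception {
        String uri = "https://api.example.internal/items", secret = "constructed-secret"; // constructed values
        String[] kv = {"oauth_consumer_key", "internal-client", "oauth_signature_method", "HMAC-SHA1",
                       "oauth_timestamp", "1406130000", "oauth_nonce", "n-0001", "q", "a b"};
        Map<String, String> p = new HashMap<>();
        for (int i = 0; i < kv.length; i += 2) p.put(kv[i], kv[i + 1]);
        p.put("oauth_signature", sign("GET", uri, p, secret));   // what the client would send
        System.out.println("signed request accepted: " + verify("GET", uri, p, secret));
        p.put("q", "tampered");                                  // parameter changed after signing
        System.out.println("tampered request accepted: " + verify("GET", uri, p, secret));
    }
}
```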