Hello,
just as proof of concept i coded a little server from scratch, doing http-
digest authentication. That sample works fine - i.e. firefox pops up a dialog,
to enter credentials and server verifies/accepts authentication ...
Now I want to add the same behaviour to my jersey-services which use the
embedded grizzly server (so I don't want servlet like configurations):
I tagged the resource-class with @PermitAll
The resource uses subpaths and i tagged different methods with different roles.
I implemented a ContainerRequestFilter, which i registered to ResourceConfig.
Additionally I registered a RolesAllowedDynmaicFeature ...
May be I misunderstood the manual or missed something - behaviour of the
service is not as expected. Not at all.
Untagged resource methods or those tagged with @PermitAll trigger the
ContainerRequestFilter, which results in a 401 response (but wrong
Authenticate header). As the ContainerRequestFilter just vomits an exception,
I don't know, where to change code to get the headers right ...
The resource methods tagged with @RolesAllowed don't trigger the
ContainerRequestFilter, just respond with 403
What am I missing?
I'd like to use http digest authentication using request interceptors like
ContainerRequestFilter. I did not find any sample using digest authentication
without servlet configuration.
I found a sample related to jersey called atompub-contacts-server, but that
sample uses basic authentication and uses jersey 1.0.2 - which has slightly
different api (and uses internal classes :( ).
Any hint is appreciated.
br Django