users@jersey.java.net

[Jersey] Question regarding jersey with OAuth1

From: Christian Widmann <christianwidmann_at_posteo.de>
Date: Tue, 23 Aug 2016 17:25:27 +0200

Hello,

Currently I am implementing an API using Jersey and the OAuth1 security
features. Everything is working fine, but I have questions regarding the
authentication:
1. Jersey is a popular framework and OAuth1 is one of the best
authentication specifications - why are there so few examples of working
applications out there? Do you know some example code?
2. When the client doesn't send any authentication at all, why doesn't
the OAuth1ServerFilter block this request and return a 403 error?
In the code I just read:
> do not filter requests that do not use OAuth authentication
https://github.com/jersey/jersey/blob/master/security/oauth1-server/src/main/java/org/glassfish/jersey/server/oauth1/OAuth1ServerFilter.java#L143

I assume that by default every request with a wrong Authentication
header should result in an appropriate error. Do I have to implement my own
filter or did I forget something? Just with the usage of OAuth1 features
provided by Jersey there should be a mechanism that only allows rightly
configured requests to be processed. At the moment, I can't find any
information that describes that.

It would be really nice if you could answer my questions or tell me
something that I haven't been seeing right now.

Thanks in advance and kind regards

Christian
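
One way to fail closed for the pass-through case asked about in question 2, as an added example that is not part of the original message and not Jersey's own code: a standard JAX-RS request filter that rejects any request reaching the authorization stage without an authenticated principal. The class name, the realm value and the two open token-endpoint paths are assumptions, as is the premise that the OAuth filter runs at `Priorities.AUTHENTICATION` and sets the user principal on success.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

/**
 * Hypothetical filter: denies requests that no earlier filter authenticated.
 * AUTHORIZATION priority makes it run after AUTHENTICATION-priority filters,
 * so it sees whatever SecurityContext they installed (or the container default).
 */
@Provider
@Priority(Priorities.AUTHORIZATION)
public class RequireAuthenticatedFilter implements ContainerRequestFilter {

    // Assumption: paths (relative to the application base URI) of the OAuth1
    // request-token and access-token endpoints, which cannot require a
    // previously authenticated principal. Adjust to the deployment.
    private static final Set<String> OPEN_PATHS =
            new HashSet<>(Arrays.asList("requestToken", "accessToken"));

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        if (OPEN_PATHS.contains(ctx.getUriInfo().getPath())) {
            return; // token endpoints perform their own OAuth checks
        }
        SecurityContext sc = ctx.getSecurityContext();
        if (sc == null || sc.getUserPrincipal() == null) {
            // No Authorization header, or one the OAuth filter did not act on:
            // stop processing here instead of reaching the resource method.
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    // Constructed realm value; replace with the real one.
                    .header(HttpHeaders.WWW_AUTHENTICATE, "OAuth realm=\"example\"")
                    .build());
        }
    }
}
```

Register the class next to the OAuth1 server feature in the application's `ResourceConfig`; it answers with 401 and a challenge header rather than the 403 mentioned above, which is the conventional status for missing credentials.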