Authentication in Jersey

Published 2019-05-07 19:57

Question:

I want to implement authentication for my Jersey-based server/client REST but I'm not sure how exactly to lay out the code.

Basically for every operation I have 2 methods - 1 from the server side, 1 from the client side.

I've narrowed down the algorithm - I'm going to use the Amazon strategy with HMAC.

The question is how to lay out this in the code - should I add the authentication (encryption/decryption code) into every method - both server/client side or should I have one "dispatch" method on both sides which would perform the encryption/decryption and then will transfer execution control to a more specialized version that way I will have 1 central place where authentication is done in both the client or the server?

I'm willing to hear your comments on that?

Answer 1:

Client side:

You just need to create a ClientFilter and add it to the filter chain. You can have two clients (or more), for example one for authenticated requests and another one for other requests, so you should not waste any resources.

see http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/api/client/filter/ClientFilter.html

Server side:

Similar to server side, you can implement Request/ResponseContainerFilter(s), which will handle authentication. These filters are global by default, but you can narrow down their scope by implementing ResourceFilterFactory and attach them only to appropriate resources (endpoints).

Or you could have 2 wars, one for "secure" resources and one for other.

see
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ResourceFilterFactory.html
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerResponseFilter.html
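
The filter layout from the answer above, as an added example for Jersey 1.x that is not part of the original question or answer: one ClientFilter signs every outgoing request and one ContainerRequestFilter verifies it before any resource method runs, with both sharing a single signing routine. The `X-Auth-Timestamp` header, the `HMAC ` scheme prefix, the `API_HMAC_KEY` environment variable, the five-minute window and the string-to-sign layout are assumptions made for illustration; only the method, path and timestamp are signed here, so the query string and body are not covered.

```java
import com.sun.jersey.api.client.*;
import com.sun.jersey.api.client.filter.ClientFilter;
import com.sun.jersey.spi.container.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response.Status;
import java.security.*;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.UTF_8;

// Shared by both sides so the string-to-sign cannot drift apart.
final class HmacSigner {
    static final String TS_HEADER = "X-Auth-Timestamp"; // hypothetical header name
    static String sign(byte[] key, String method, String path, String ts) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return Base64.getEncoder().encodeToString(mac.doFinal((method + "\n" + path + "\n" + ts).getBytes(UTF_8)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
}

// Client side: registered once with client.addFilter(new HmacClientFilter(key)).
class HmacClientFilter extends ClientFilter {
    private final byte[] key;
    HmacClientFilter(byte[] key) { this.key = key.clone(); }
    @Override public ClientResponse handle(ClientRequest cr) throws ClientHandlerException {
        String ts = Long.toString(System.currentTimeMillis());
        cr.getHeaders().putSingle(HmacSigner.TS_HEADER, ts);
        cr.getHeaders().putSingle("Authorization",
                "HMAC " + HmacSigner.sign(key, cr.getMethod(), cr.getURI().getRawPath(), ts));
        return getNext().handle(cr); // pass the signed request down the chain
    }
}

// Server side: rejects unauthenticated requests centrally (make it public in its own file to register it).
class HmacRequestFilter implements ContainerRequestFilter {
    private final byte[] key = System.getenv("API_HMAC_KEY").getBytes(UTF_8); // assumed key source
    @Override public ContainerRequest filter(ContainerRequest req) {
        String ts = req.getHeaderValue(HmacSigner.TS_HEADER);
        String auth = req.getHeaderValue("Authorization");
        boolean fresh = ts != null && ts.matches("\\d{1,15}") // stale timestamps limit replay
                && Math.abs(System.currentTimeMillis() - Long.parseLong(ts)) <= 300_000L;
        String expected = "HMAC " + HmacSigner.sign(key, req.getMethod(),
                req.getRequestUri().getRawPath(), String.valueOf(ts));
        // MessageDigest.isEqual compares in constant time, unlike String.equals
        boolean ok = fresh && auth != null && MessageDigest.isEqual(expected.getBytes(UTF_8), auth.getBytes(UTF_8));
        if (!ok) throw new WebApplicationException(Status.UNAUTHORIZED);
        return req;
    }
}
```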