Authentication in Jersey

2019-05-07 20:01发布

站内问答 / Java
565 1 4

I want to implement authentication for my Jersey0based server/client REST but I'm not sure how exactly to lay out the code.

Basically for every operation I have 2 methods - 1 from the server side, 1 from the client side.

I've narrowed down the algorithm - I'm going to use the amazon strategy with HMAC.

The question is how to lay out this in the code - should I add the authentication (encryption/decryption code) into every method - both server/client side or should I have one "dispatch" method on both sides which would perform the encryption/decryption and then will transfer execution control to a more specialized version that way I will have 1 central place where authentication is done in both the client or the server?

I'm willing to hear your comments on that?

1条回答
兄弟一词,经得起流年.
2楼-- · 2019-05-07 20:42

Client side:

You just need to create ClientFilter and add it to the filter chain. You can have two clients (or more) for example one for authenticated requests and other one for other requests, so you should not waste any resources.

see http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/api/client/filter/ClientFilter.html

Server side:

Similar to server side, you can implement Request/ResponseContainerFilter(s), which will handle authentication. These filters are global by default, but you can narrow down its scope by implementing ResourceFilterFactory and attach then only to appropriate resources (endpoints).

Or you could have 2 wars, one for "secure" resources and one for other.

see
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ResourceFilterFactory.html
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html
http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerResponseFilter.html

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)