Java
Alexey Terekhin, 2013-10-31 14:17:45

How to implement authentication and authorization of web services?

Good afternoon.
I have a question. How, after all, can container-independent authorization be implemented for a web application?
What has been tried:
Configuring JAAS on GlassFish 4.
What did not suit me:
The container has to be configured, and I would rather not do that. Ideally, I would like to handle everything in code.
What the problems were:
When I wrote my own ContainerRequestFilter for a Jersey RESTful service, everything worked. I used BASIC authorization, for example. Annotations such as
@RolesAllowed etc. now work. But! They only work with resource classes. If a class is annotated @Stateless, for example, the filter does not work for it. Digging deeper gave these results: when we filter requests, we create our own SecurityContext, which works for resource classes. But @Stateless beans already use their own EJBContext, which cannot be reached in any way other than through container configuration. I really want to do all of this within the standard and as independently of the platform as possible.
I would love to hear your options and thoughts on this.


3 answer(s)
baadf00d, 2013-10-31
@baadf00d

Spring Security seems to be quite independent, although to be honest I have used it exclusively under Tomcat :)

Vladimir Smirnov, 2013-11-01
@bobzer

It seems to me that, in order not to depend on the container, there are two main options:
1. Do it yourself. For example, add the fields needed for authorization (user/password, say) to the business logic of the web service. A dumb and very simple method. Perhaps its only plus is 100% control over the process in your business logic, and even that only if you really need such control.
2. Use some common standard implemented by all the well-known containers. Container independence with this approach means that if the standard is implemented everywhere, you don't have to worry about surprises when you change containers. WS-Security, for example, is a common, stable standard.
By the way, a mixture of the two approaches is also possible. For example, I used the WS-Security standard, but since I needed additional processing, I abandoned the container implementation and wrote my own handler.
In general, there can be many options; it all depends on the time available and the desire to search and understand.

Alexey Terekhin, 2013-11-07
@daron666

I think this will be interesting. I went this way: JASPIC tutorial.
