Securing jax-rs with OAuth

Question

Securing jax-rs with OAuth

I have the following problem:

I have a JAX-RS service that has an operation get

:

@Path("/unsecure/")
@Produces("application/json")
public class MyUnsecureService {
    public MyUnsecureService() {

    }

    @GET
    @Path("/get/{id}")
    @Produces("application/json")
    public User get(@PathParam("id") String id) {
        return User.get(id);
    }
}

now, i am going to open this API for mobile devices and i need an authentication and authorization mechanism to access the API.

My problem is that I have trusted applications (back-end jobs, a website that is running on my hosting) that should be able to expose this API as they see fit without limitation and mobile devices that should be able to expose this API only if they have a token generated using the user's real encrypted login / password that can be used on the service side to determine:

If the request for this method is allowed.
If the parameters are correct (it means that the user cannot get any other information about the user).

Can I use OAuth1 or OAuth2?

+3

java web-services oauth jax-rs

inteloid 03 Feb 13 at 15:24

source to share

2 answers

This is a very important question to raise.

You might want to take a look at Oz ( backgroud ), which AFAIU goes a long way towards your use cases. Personally, I have an interest in solving a problem for Java and tracking how Eran works with Java implementations ( jiron , hawkj ). To finally do Oz (or something like that ) in Java.

Much is not yet ripe for publication, but contact us if you wish.

The specific issue with JAX-RS now looks like the SecurityContext .

0

Jan Algermissen 01 june At 22:28

source to share

inteloid · Accepted Answer · 2013-06-27T12:26:24+0000

Found the answer:

Using the owner credentials and resource authorization credentials that are implemented in the OAuth2 Apache CXF implementation.

Securing jax-rs with OAuth

More articles: