Jax RS REST API - OAuth 2.0 and origin management
I have a REST API built using Java JAX-RS, the API will be published and protected by OAuth 2.0.
I plan to use this API from internal projects I create, and because this is my API, I do not expect the user to allow me to make calls to this API.
I am currently using filters to validate the access token and validate it against my OAuth provider, sample config:
<!-- Exposing the facility service as a REST service -->
<jaxrs:server id="restContainer" address="/">
<jaxrs:serviceBeans>
.. services beans
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="oauthFilter"/> <-- filter to validate oauth
<ref bean="apiUsageFilter"/> <-- filter to check api usage (integrated with 3scale)
<ref bean="jacksonProvider" />
<ref bean="exceptionMapper" />
</jaxrs:providers>
<jaxrs:extensionMappings>
<entry key="json" value="application/json" />
<entry key="xml" value="application/xml" />
<entry key="html" value="text/html" />
</jaxrs:extensionMappings>
<jaxrs:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxrs:features>
</jaxrs:server>
I am wondering if I can implement a new filter to check the origin of the call if it is one of the listed ip (s) / domain (s) then bypasses oauth, if not then go to oauth.
Is this approach possible? would that be good practice? Pros and cons?
Thank!
+3
source to share