使用OAuth保护jax-rs [英] Securing jax-rs with OAuth

问题描述

我有以下问题:

我有一个具有get操作的JAX-RS服务:

I have JAX-RS service which has a get operation:

@Path("/unsecure/")
@Produces("application/json")
public class MyUnsecureService {
    public MyUnsecureService() {

    }

    @GET
    @Path("/get/{id}")
    @Produces("application/json")
    public User get(@PathParam("id") String id) {
        return User.get(id);
    }
}

现在，我将为移动设备打开此API，并且需要身份验证和授权机制才能访问该API.

now, I'm going to open this API for mobile devices and I need authentication and authorization mechanism to access the API.

我的问题是我拥有受信任的应用程序(内部工作，在我的托管服务器上运行的网站)，这些应用程序应能够不受限制地公开此API，而移动设备应能够公开此应用程序仅当API具有使用真实用户的加密登录/传递形成的令牌时，API才能在服务端用于确定:

My problem is that I have trusted apps (internal jobs, a website which runs on my hosting) which should be able to expose this API as they want, with no limitation, and mobile devices, which should be able to expose this API only if they have a token, formed using real User's encrypted login/pass, which can be used on service-side to determine:

1. 如果允许对该方法的请求.
2. 如果参数正确(因此用户无法获取其他用户的信息).

可以使用OAuth1或OAuth2吗?

Is this possible to do using OAuth1 or OAuth2?

推荐答案

找到答案:

使用在Apache CXF的OAuth2实现中实现的客户端凭据和资源所有者授权授予.

Using Client Credentials and Resource Owner authorization grants, which are implemented in OAuth2 implementation of Apache CXF.

这篇关于使用OAuth保护jax-rs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！