Jersey REST 服务上的用户身份验证 [英] User authentication on a Jersey REST service

问题描述

我正在开发一个使用 Jersey 框架的 REST 应用程序.我想知道如何控制用户身份验证.我搜索了很多地方，找到的最接近的文章是这样的:http://weblogs.java.net/blog/2008/03/07/authentication-jersey.

I am developing a REST application, which is using the Jersey framework. I would like to know how I can control user authentication. I have searched many places, and the closest article I have found is this: http://weblogs.java.net/blog/2008/03/07/authentication-jersey.

但是，本文只能与 GlassFish 服务器和附加数据库一起使用.无论如何，我可以在 Jersey 中实现一个接口并在到达请求的 REST 资源之前将其用作过滤器吗?

However this article can only be used with a GlassFish server and an attached database. Is there anyway that I can implement an interface in Jersey and use it as a filter before reaching the requested REST resource?

我现在想使用基本身份验证，但它应该足够灵活，以便我以后可以更改.

I want to use basic authentication right now, but it should be flexible enough such that I can change that at a later time.

推荐答案

我成功地使用 Spring Security 来保护我基于 Jersey 的 API.它具有可插入的身份验证方案，允许您稍后从基本身份验证切换到其他身份验证.我一般不使用 Spring，只使用安全方面的东西.

I'm sucessfully using spring security for securing my Jersey-based API. It has pluggable authentication schemes allowing you to switch from Basic Auth to something else later. I'm not using Spring in general, just the security stuff.

这是我的 web.xml 中的相关部分

Here is the relevant part from my web.xml

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-applicationContext.xml,
        /WEB-INF/applicationContext.xml
    </param-value>
</context-param>

<!-- Enables Spring Security -->

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>springSecurityFilterChain</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>

</filter-mapping>

您可以将 applicationContext.xml 留空 (<beans></beans>).可以在此处

You can leave applicationContext.xml empty (<beans></beans>). An example of the security-applicationContext.xml can be found here

这篇关于Jersey REST 服务上的用户身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！