在泽西岛REST服务的用户身份验证 [英] User authentication on a Jersey REST service

问题描述

我开发一个REST应用，它是使用Jersey框架。我想知道我可以控制用户身份验证。我已经搜索很多地方，我已经找到最接近的文章是这样的：<一href=\"http://weblogs.java.net/blog/2008/03/07/authentication-jersey\">http://weblogs.java.net/blog/2008/03/07/authentication-jersey.

I am developing a REST application, which is using the Jersey framework. I would like to know how I can control user authentication. I have searched many places, and the closest article I have found is this: http://weblogs.java.net/blog/2008/03/07/authentication-jersey.

然而本文只能用一个GlassFish服务器和一个附加的数据库使用。反正是有，我可以在泽西实现一个接口，并达到所要求的REST资源之前把它作为一个过滤器？

However this article can only be used with a GlassFish server and an attached database. Is there anyway that I can implement an interface in Jersey and use it as a filter before reaching the requested REST resource?

我现在就想使用基本身份验证，但它应该有足够的灵活性，这样我可以在以后改变这一点。

I want to use basic authentication right now, but it should be flexible enough such that I can change that at a later time.

推荐答案

我成功地以Spring Security为确保我的总部位于新泽西州的API。它具有可插拔的身份验证方案，允许您从基本身份验证以后别的切换到一些东西。我不是一般，只是安全的东西使用Spring。

I'm sucessfully using spring security for securing my Jersey-based API. It has pluggable authentication schemes allowing you to switch from Basic Auth to something else later. I'm not using Spring in general, just the security stuff.

下面是相关的部分从我的web.xml

Here is the relevant part from my web.xml

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/security-applicationContext.xml,
        /WEB-INF/applicationContext.xml
    </param-value>
</context-param>

<!-- Enables Spring Security -->

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>springSecurityFilterChain</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>

</filter-mapping>

您可以保留的applicationContext.xml空（小于豆＆GT;＆LT; /豆＆GT;）。在安全的applicationContext.xml的例子可以发现 rel=\"nofollow\">

You can leave applicationContext.xml empty (<beans></beans>). An example of the security-applicationContext.xml can be found here

这篇关于在泽西岛REST服务的用户身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！