验证泽西 [英] Authentication in Jersey

问题描述

我要实现我的Jersey0based服务器/客户端REST认证，但我不知道究竟如何铺陈code。

I want to implement authentication for my Jersey0based server/client REST but I'm not sure how exactly to lay out the code.

基本上每个操作我有2个方法 - 1从客户端服务器端，1。

Basically for every operation I have 2 methods - 1 from the server side, 1 from the client side.

我已经收窄算法 - 我将使用与HMAC亚马逊的策略。

I've narrowed down the algorithm - I'm going to use the amazon strategy with HMAC.

问题是如何布置这在code - 我要补充的认证（加密/解密code）到每一个方法 - 无论是服务器/客户端或者我应该有一个调度的方法两侧这将执行加密/解密，然后将执行控制转移到一个更为特殊的版本这样我将有1，其中认证同时在客户端或服务器进行集中的地方？

The question is how to lay out this in the code - should I add the authentication (encryption/decryption code) into every method - both server/client side or should I have one "dispatch" method on both sides which would perform the encryption/decryption and then will transfer execution control to a more specialized version that way I will have 1 central place where authentication is done in both the client or the server?

我愿意听听你的意见吗？

I'm willing to hear your comments on that?

推荐答案

客户端：

您只需要创建ClientFilter并将其添加到过滤器链。你可以有两个客户端（或更多），例如一个用于身份验证的请求，另一个用于其他请求，所以你不应该浪费任何资源。

You just need to create ClientFilter and add it to the filter chain. You can have two clients (or more) for example one for authenticated requests and other one for other requests, so you should not waste any resources.

看<一个href=\"http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/api/client/filter/ClientFilter.html\" rel=\"nofollow\">http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/api/client/filter/ClientFilter.html

服务器端：

服务器端类似，您可以实现请求/ ResponseContainerFilter（S），这将处理验证。这些过滤器默认情况下全球性的，但你可以通过实现ResourceFilterFactory缩小其范围，然后附加只有适当的资源（终点）。

Similar to server side, you can implement Request/ResponseContainerFilter(s), which will handle authentication. These filters are global by default, but you can narrow down its scope by implementing ResourceFilterFactory and attach then only to appropriate resources (endpoints).

或者你可以有2战，一个是安全的资源，一个用于其他。

Or you could have 2 wars, one for "secure" resources and one for other.

<一href=\"http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ResourceFilterFactory.html\" rel=\"nofollow\">http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ResourceFilterFactory.html

<一href=\"http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html\" rel=\"nofollow\">http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerRequestFilter.html

<一href=\"http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerResponseFilter.html\" rel=\"nofollow\">http://jersey.java.net/nonav/apidocs/1.12/jersey/com/sun/jersey/spi/container/ContainerResponseFilter.html

这篇关于验证泽西的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！