I had been searching for material that teaches how to implement the different types of authentication in RESTful web services, but I could not find even a handful. I am going to write blog posts on implementing all the different types of authentication in RESTful services.
Here, I am going to explain how to protect a RESTful web service with Basic Authentication configured in web.xml (the old way of doing this). The user and role details are defined in the Tomcat server, in tomcat-users.xml.
tomcat-users.xml
<role rolename="member" />
<role rolename="admin"></role>
<user username="anand" password="anand" roles="member"></user>
<user username="kumar" password="kumar" roles="admin"></user>
web.xml
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
    <!--
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/beans.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    -->

    <!-- JERSEY -->
    <servlet>
        <servlet-name>jersey-serlvet</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>com.sun.jersey.config.property.packages</param-name>
            <param-value>com.anand.restfuljersey.rest</param-value>
        </init-param>
        <init-param>
            <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
        <init-param>
            <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
            <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
        </init-param>
        -->
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>jersey-serlvet</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>

    <!-- Requests matching this collection require an authenticated user in the "member" role. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Test</web-resource-name>
            <description>Test</description>
            <url-pattern>/rest/*</url-pattern>
            <!-- Only GET is constrained: requests using other methods (for example
                 the POST resource in JerseyService) are not covered by this constraint.
                 Remove this element to require authentication for every method. -->
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>member</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- The container answers unauthenticated requests with an HTTP Basic challenge. -->
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <!-- Declares the role referenced in auth-constraint above. -->
    <security-role>
        <role-name>member</role-name>
    </security-role>
</web-app>
JerseyService.java
/**
 *
 */
package com.anand.restfuljersey.rest;

import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import com.anand.restfuljersey.vo.Track;

/**
 * @author Anand
 *
 */
@Path("/json/metallica")
public class JerseyService {

    @GET
    @Path("/get")
    @Produces(MediaType.APPLICATION_JSON)
    // @RolesAllowed("Admin")
    public Track getTrackInJSON() {
        Track track = new Track();
        track.setTitle("Anand");
        track.setSinger("Metallica");
        return track;
    }

    @POST
    @Path("/post")
    @Consumes(MediaType.APPLICATION_JSON)
    public Response createTrackInJSON(Track track) {
        String result = "Track saved :" + track;
        return Response.status(201).entity(result).build();
    }
}
When the service is hit in the browser or in any REST client app such as Postman, credentials must be entered to access the resource.
The URL is http://localhost:8080/RestfulWSJerseyServices/rest/json/metallica/get
The credentials must match the ones in the tomcat-users.xml file. In this case, the user name is anand and the password is anand.
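An added example, not part of the original post: a small Python check that reads a DTD-style (namespace-free) web.xml like the one above and reports two things a reviewer would look for, namely constraints that list specific HTTP methods (every other method stays unauthenticated) and BASIC or FORM logins without a CONFIDENTIAL transport guarantee (the Base64-encoded credentials can then travel over plain HTTP). The function name `audit_web_xml` and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security section of the web.xml shown in this post.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Test</web-resource-name>
      <url-pattern>/rest/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>member</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def _texts(parent, path):
    """Stripped text of every non-empty element matching path under parent."""
    return [e.text.strip() for e in parent.findall(path) if e.text and e.text.strip()]


def audit_web_xml(xml_text):
    """Return (url_pattern, finding) tuples for a namespace-free web.xml."""
    root = ET.fromstring(xml_text)
    auth = (root.findtext("login-config/auth-method") or "").strip().upper()
    findings = []
    for sc in root.findall("security-constraint"):
        transport = (sc.findtext("user-data-constraint/transport-guarantee")
                     or "NONE").strip().upper()
        for wrc in sc.findall("web-resource-collection"):
            methods = sorted({m.upper() for m in _texts(wrc, "http-method")})
            for pattern in _texts(wrc, "url-pattern") or ["<no url-pattern>"]:
                if methods:
                    # Listed methods are the only ones the constraint applies to.
                    findings.append((pattern, "only " + ",".join(methods)
                                     + " constrained; other HTTP methods are uncovered"))
                if auth in ("BASIC", "FORM") and transport != "CONFIDENTIAL":
                    findings.append((pattern, auth + " login without a"
                                     " CONFIDENTIAL transport-guarantee"))
    return findings


if __name__ == "__main__":
    for pattern, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(pattern + ": " + finding)
```

Run against the sample, it reports both findings for /rest/*; removing `<http-method>` and adding a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` clears them.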