in jax-rs (or jersey) rest service, i'm trying make custom authentication users in database. have @get annotated method should interact user asking credentials done in spring framework authentication provider - no custom login form, plain http login browser popup form.
currently can handle http basic access authentication provided in header, need ask credentials before accessing content interactively , make token-based authentication on base.
i have keep application light-weight don't know how can "easy" task done..
edit: found in wildfly configuration (i'm using 9 final version) don't know how use login using datasource..
if can handle http basic authentication, need a "login form" browser? solved implementing javax.ws.rs.ext.exceptionmapper , overriding toresponse(throwable ex). our app throws notauthenticatedexception gets mapped javax.ws.rs.core.response.status.unauthorized. add response header appropriately:
@provider public class restexmapper implements exceptionmapper<throwable> { @override public response toresponse(throwable ex) { //our application maps not logged in exception javax.ws.rs.core.response.status.unauthorized in pair pair<integer, objectmap> ret = buildresponse( unwrap( ex)); responsebuilder rb = response.status( ret.left()).entity( ret.right()).type( "application/json"); if( ret.left() == unauthorized.getstatuscode()) return rb.header( httpheaders.www_authenticate, "basic realm=\"your service name\"").build(); else return rb.build(); } the important part setting response header if user not logged in, makes browser display http basic login dialog.
Comments
Post a Comment