Overview
In the following post I showed how to develop RESTful web services with the Jersey Java framework:
Jersey JAX-RS Framework - Step by Step Guide for Developing RESTful web services
There are different security levels that we can add to web services:
- a) Authentication
- b) Authorization
- c) Encryption
The scope of this post is Authentication. The common options available are:
- a) OpenID
- b) OAuth
- c) HTTP Basic Authentication
HTTP Basic authentication is the weakest of these three options, since the credentials are only Base64-encoded (not encrypted) and therefore need to travel over HTTPS, but it is still preferable to no authentication at all :)
Let's see how to implement HTTP Basic authentication.
Requirements for this tutorial
- Eclipse
- Maven
- Jersey Framework
- Tomcat
STEP 1
First, we will code a filter that processes every request before it is dispatched to the respective resource. We will achieve this by implementing ContainerRequestFilter. Add the following dependency to the Maven pom.xml:
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>servlet-api</artifactId>
    <version>3.0-alpha-1</version>
    <scope>provided</scope>
</dependency>
STEP 2
Now we write the filter class itself:
package com.techieshah.filters;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response.Status;
import javax.xml.bind.DatatypeConverter;

/**
 * @author techieshah.blogspot.com
 *
 */
public class HTTPBasicAuthenticationFilter implements ContainerRequestFilter {

    // Injected by Jersey; not needed for the credential check itself,
    // but useful for logging the remote address of failed attempts
    @Context
    HttpServletRequest httpServletRequest;

    @Override
    public void filter(ContainerRequestContext containerRequest) throws IOException {
        final String AUTHENTICATION_HEADER = "Authorization";
        String auth = containerRequest.getHeaderString(AUTHENTICATION_HEADER);
        // No Authorization header at all: reject before doing any work
        if (auth == null) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        String[] lap = decode(auth);
        // Header present but not a decodable "login:password" pair
        if (lap == null || lap.length < 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        // Both the login AND the password must match
        if (!("testUser".equals(lap[0]) && "test01".equals(lap[1]))) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }

    private String[] decode(String auth) {
        // Strip the scheme: "Basic THE_BASE_64" becomes "THE_BASE_64".
        // The scheme name is case-insensitive, hence the (?i) flag
        auth = auth.replaceFirst("(?i)^basic ", "");
        // On Java 8+ java.util.Base64 can replace DatatypeConverter
        byte[] bytes = DatatypeConverter.parseBase64Binary(auth);
        if (bytes == null || bytes.length == 0) {
            return null;
        }
        // Decode as UTF-8 explicitly instead of relying on the platform default charset;
        // split on the first ':' only, since a password may itself contain ':'
        return new String(bytes, StandardCharsets.UTF_8).split(":", 2);
    }
}
In the above code, we have overridden the filter method to look for the Authorization header, decode the Basic credentials and reject the request with 401 Unauthorized when the header is missing, malformed, or carries the wrong login or password.
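A stricter version of the same filter, added here as an example (it is not code from the original post): it rejects non-Basic schemes, decodes as UTF-8, compares both fields with MessageDigest.isEqual, and sends a WWW-Authenticate challenge with the 401 so that clients know which scheme and realm to use. The class name, realm and fixed test credentials are assumptions, and it relies on java.util.Base64 from Java 8.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

// Added example (not the post's own code); class name, realm and test credentials are assumptions.
@Provider
@Priority(Priorities.AUTHENTICATION)   // authentication filters run before authorization ones
public class HardenedBasicAuthFilter implements ContainerRequestFilter {
    private static final String REALM = "example";   // hypothetical realm name
    private static final byte[] USER = "testUser".getBytes(StandardCharsets.UTF_8);
    private static final byte[] PASS = "test01".getBytes(StandardCharsets.UTF_8);

    @Override
    public void filter(ContainerRequestContext ctx) {
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        // Scheme name is case-insensitive; any other scheme (Bearer, Digest, ...) is rejected
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            challenge(ctx); return;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException malformed) {   // not valid Base64 after "Basic "
            challenge(ctx); return;
        }
        // Split on the first ':' only, because a password may itself contain ':'
        String[] parts = new String(raw, StandardCharsets.UTF_8).split(":", 2);
        if (parts.length != 2) {
            challenge(ctx); return;
        }
        // Check both fields every time and require both to match; MessageDigest.isEqual
        // does not stop at the first differing byte (it only reveals a length mismatch)
        boolean userOk = MessageDigest.isEqual(parts[0].getBytes(StandardCharsets.UTF_8), USER);
        boolean passOk = MessageDigest.isEqual(parts[1].getBytes(StandardCharsets.UTF_8), PASS);
        if (!(userOk && passOk)) challenge(ctx);
    }

    // 401 with a WWW-Authenticate header, so clients learn which scheme and realm to use
    private static void challenge(ContainerRequestContext ctx) {
        ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + REALM + "\"")
                .build());
    }
}
```

It is registered the same way as in STEP 3, by listing its class name in jersey.config.server.provider.classnames.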
STEP 3
In the last step, we register the filter with Jersey by adding it to the jersey.config.server.provider.classnames init-param of the Jersey servlet in web.xml:
<init-param>
    <param-name>jersey.config.server.provider.classnames</param-name>
    <param-value>com.techieshah.filters.HTTPBasicAuthenticationFilter</param-value>
</init-param>
A 401 Unauthorized status code (Status.UNAUTHORIZED) is returned in the response if the Basic Authentication header is missing or wrong credentials are provided.