NextReports Server uses Jersey for REST web service implementation and Spring Security for authentication and authorization. To make authentication possible, Jersey integrates with Spring through a special servlet defined inside web.xml:
All web service calls are mapped to a special url pattern /api/* so to apply security a filter-mapping is added in web.xml:
Web Service client has a method to authenticate the user:
By default, Jersey has a big timeout value after a requests returns if no connection to the server is possible. All client applications need a smaller timeout, so a new method was added for this:
public boolean isAuthorized() throws WebServiceException
where timeout is a value in milliseconds.
public boolean isAuthorized(int timeout) throws WebServiceException