NextReports Server uses Jersey for REST web service implementation and Spring Security for authentication and authorization. To make authentication possible, Jersey integrates with Spring through a special servlet defined inside web.xml:
All web service calls are mapped to a special url pattern /api/* so to apply security a filter-mapping is added in web.xml:
jersey.springServlet com.sun.jersey.spi.spring.container.servlet.SpringServlet com.sun.jersey.config.property.packages com.asf.nextserver.api 1 jersey.springServlet /api/*
Web Service client has a method to authenticate the user:
public boolean isAuthorized() throws WebServiceExceptionBy default, Jersey has a big timeout value after a requests returns if no connection to the server is possible. All client applications need a smaller timeout, so a new method was added for this:
public boolean isAuthorized(int timeout) throws WebServiceExceptionwhere timeout is a value in milliseconds.