Tuesday, June 25, 2013

NextReports: WebService Authentication

NextReports Server offers a web service api to be used by different client applications. To be able to use any web service, users have to login with their credentials, otherwise no calls can be made to the api.

NextReports Server uses Jersey for REST web service implementation and Spring Security for authentication and authorization. To make authentication possible,  Jersey integrates with Spring through a special servlet defined inside web.xml:

        jersey.springServlet
        com.sun.jersey.spi.spring.container.servlet.SpringServlet
        
            com.sun.jersey.config.property.packages
            com.asf.nextserver.api
        
        1



        jersey.springServlet
        /api/*
All web service calls are mapped to a special url pattern /api/*  so to apply security a filter-mapping is added in web.xml:

        spring.securityBasicAuthorizationFilter
        /api/*
Web Service client has a method to authenticate the user:
public boolean isAuthorized() throws WebServiceException
By default, Jersey has a big timeout value after a requests returns if no connection to the server is possible. All client applications need a smaller timeout, so a new method was added for this:
public boolean isAuthorized(int timeout) throws WebServiceException
where timeout is a value in milliseconds.

2 comments:

Daniel Manta said...

Where do you set up users and credentials?

Mihai Dinca-Panaitescu said...

Web Service client has the methods for setting credentials like:

WebServiceClient client = new WebServiceClient();
client.setServer("http://ip:port/nextreports-server/api");
client.setUsername(user);
client.setPassword(password);
Md5PasswordEncoder pasEnc=new Md5PasswordEncoder();
client.setPasswordEncoder(pasEnc);