Tuesday, 25 June 2013

NextReports: WebService Authentication

NextReports Server offers a web service API for use by different client applications. To use any web service, users have to log in with their credentials; otherwise no calls can be made to the API.

NextReports Server uses Jersey for its REST web service implementation and Spring Security for authentication and authorization. To make authentication possible, Jersey integrates with Spring through a special servlet defined inside web.xml:

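    <servlet>
        <servlet-name>jersey.springServlet</servlet-name>
        <servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
        <init-param>
            <param-name>com.sun.jersey.config.property.packages</param-name>
            <param-value>com.asf.nextserver.api</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>jersey.springServlet</servlet-name>
        <url-pattern>/api/*</url-pattern>
    </servlet-mapping>

All web service calls are mapped to the special URL pattern /api/*, so to apply security a filter-mapping is added in web.xml: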


    <filter-mapping>
        <filter-name>spring.securityBasicAuthorizationFilter</filter-name>
        <url-pattern>/api/*</url-pattern>
    </filter-mapping>

The web service client has a method to authenticate the user:

public boolean isAuthorized() throws WebServiceException

By default, Jersey uses a large timeout before a request returns when no connection to the server is possible. All client applications need a smaller timeout, so a new method was added for this:

public boolean isAuthorized(int timeout) throws WebServiceException

where timeout is a value in milliseconds.
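The following sketch shows how such a check can be written with the Jersey 1.x client API against a resource behind the Basic authorization filter. It is an added example, not NextReports source code: the class name, the exception type, the probe URL and the HTTPS check are assumptions made for illustration.

```java
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import java.util.Locale;

// Added illustration, not NextReports source. Requires the Jersey 1.x client jar.
public class AuthCheckExample {

    /** Hypothetical stand-in for the client's WebServiceException. */
    public static class AuthCheckException extends Exception {
        public AuthCheckException(String msg, Throwable cause) { super(msg, cause); }
    }

    // probeUrl: a protected resource under /api/* (placeholder path, assumed).
    // Returns true on 200 and false on 401 (credentials rejected by the filter).
    public static boolean isAuthorized(String probeUrl, String user, String password,
                                       int timeoutMs) throws AuthCheckException {
        // Basic auth only base64-encodes the credentials, so refuse cleartext transport.
        if (!probeUrl.toLowerCase(Locale.ROOT).startsWith("https://")) {
            throw new AuthCheckException("refusing Basic auth over non-HTTPS URL", null);
        }
        Client client = Client.create();
        try {
            client.setConnectTimeout(timeoutMs); // fail fast when the server is unreachable
            client.setReadTimeout(timeoutMs);    // and when it accepts but never answers
            client.addFilter(new HTTPBasicAuthFilter(user, password));
            ClientResponse response = client.resource(probeUrl).get(ClientResponse.class);
            int status = response.getStatus();
            response.close();
            if (status == 200) return true;
            if (status == 401) return false;
            throw new AuthCheckException("unexpected HTTP status " + status, null);
        } catch (ClientHandlerException e) {
            // Timeouts and connection failures surface here; report them as errors,
            // not as "unauthorized", so callers can tell the two cases apart.
            throw new AuthCheckException("server not reachable within " + timeoutMs + " ms", e);
        } finally {
            client.destroy();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; replace with a real server URL and account.
        System.out.println(isAuthorized("https://reports.example.com/api/ping",
                "demo", "demo-password", 3000));
    }
}
```

Keeping "wrong credentials" (false) separate from "no answer within the timeout" (exception) lets a client show the right message and avoids treating an outage as a failed login.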
