Tuesday, 25 June 2013

NextReports: WebService Authentication

NextReports Server offers a web service api to be used by different client applications. To be able to use any web service, users have to login with their credentials, otherwise no calls can be made to the api.

NextReports Server uses Jersey for REST web service implementation and Spring Security for authentication and authorization. To make authentication possible,  Jersey integrates with Spring through a special servlet defined inside web.xml:

        jersey.springServlet
        com.sun.jersey.spi.spring.container.servlet.SpringServlet
        
            com.sun.jersey.config.property.packages
            com.asf.nextserver.api
        
        1



        jersey.springServlet
        /api/*
All web service calls are mapped to a special url pattern /api/*  so to apply security a filter-mapping is added in web.xml:


        spring.securityBasicAuthorizationFilter
        /api/*

Web Service client has a method to authenticate the user:

public boolean isAuthorized() throws WebServiceException

By default, Jersey has a big timeout value after a requests returns if no connection to the server is possible. All client applications need a smaller timeout, so a new method was added for this:

public boolean isAuthorized(int timeout) throws WebServiceException

where timeout is a value in milliseconds.

Posted by at

1 comment:

  1. for ict 997 September 2020 at 12:11

    Great Article Cyber Security Projects projects for cse Networking Security Projects JavaScript Training in Chennai JavaScript Training in Chennai The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

    ReplyDelete

Subscribe to: Post Comments (Atom)