4 Replies Latest reply on Apr 29, 2011 5:39 AM by roydigerhund

Securing Resteasy

roydigerhund Apr 19, 2011 10:12 AM

Hi,

im new here. Excuse me for my bad english. I hope that i can contribute a positive value to this forum.

Unfortunately im faced with a problem at the moment, which im trying
to solve for about 1 week now.

I have a working RESTful api thanks to Resteasy.

Now i have the task to secure this api, and i dont know how.

I tried to add @RolesAllowed. This didnt worked. I dont get the documentation. What do they mean with: change the RESTeasy.war file?

After tring hard to get @RolesAllowed working with no success, i took a look at seam in action from Dan Allen. And there it is: @Restrict(#{identity.loggedIn})

@Restrict does the job for me. If im not logged in, the api is not reachable.

But now im faced with the problem how to authenticate from a mobile device. Because the api should be reachable from mobile after authentication.

Can someone give me a hint how i can call the authenticate method from a mobile device?

Kindest Regards
Roy

1. Re: Securing Resteasy

jharting Apr 20, 2011 8:51 AM (in response to roydigerhund)

Roy,

could you explain the mobile device usecase more? Are you using a mobile web browser or do you have a mobile client application which is under your control?
Actions
2. Re: Securing Resteasy

roydigerhund Apr 21, 2011 5:58 AM (in response to roydigerhund)

Hi Jozef,

i have to implement a mobile client application with native code, without a mobile web browser.
Actions
3. Re: Securing Resteasy

jharting Apr 22, 2011 4:47 AM (in response to roydigerhund)
In that case, you can use Seam RESTEasy integration together with Seam Security. Seam Security comes with built-in support for HTTP Basic and HTTP Digest mechanisms. Alternatively, you can implement an Authenticator for two-legged OAuth yourself. Once you implement the Authenticator, you can secure your resources using @Restrict annotation (as you already did).

I recommend that you take a look at the Seam Tasks example, that demonstrates a basic JAX-RS web service secured with Seam Security (using HTTP basic).

Mainly:

Authentication filter configuration

Authenticator

Resource with restricted access
Actions
4. Re: Securing Resteasy

roydigerhund Apr 29, 2011 5:39 AM (in response to roydigerhund)

Thank you Jozef!!

i did it with HTTP-Digest and SSL. It works like a charm :)

Im intressted as well in two-legged OAuth, you mentioned in your post.
Do you have further information how it can be established with seam?
Actions

Go to original post