I am new to JAX-RS implementation. I have created a RESTful application that contains web services using JAX-RS. But I want to provide authentication and authorization for some of the web services. I am unable to configure the web.xml for the authentication. Thanks in advance.

Test

1 Answer

You can use container-level authentication. For instance, in Apache Tomcat, you can configure HTTP-based authentication (e.g. BASIC, DIGEST, or even FORM-based though the latter does not make sense for APIs).

To configure HTTP BASIC authentication as an example you need to:

  • define users in a user store and connect Tomcat to it. By default Tomcat provides you with a tomcat-users.xml file which you can use to define users. You could also configure Tomcat to use LDAP as a source
  • update your web.xml file to add the security-constraint element
  • update your web.xml to add the login-config element
  • update your web.xml to add the security-role element

Here's an example snippet:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>basic-user</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>basic-user</role-name>
</security-role>

Note that there is a great answer already available here too: Easy way for Authentication and Authorization with JAX-RS Jersey

David Brossard
  • Thanks for the response. I am using the Tomcat container. But I can provide the API key to the vendors (ROLE_VENDOR) and my super admin (ROLE_SUPERADMIN), and I can check it with my database. So I want to authenticate the user by using JAX-RS with CXF, and some of my web services require authorization for vendors, but my super admin can have all the rights. – Test Oct 16 '13 at 06:04
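
Added example, not code from the answer or from Tomcat: a web.xml security section that applies the three elements listed in the answer to only some services, using the two role names from the comment. The URL patterns, resource names and realm name are assumptions; the roles must exist in whatever user store Tomcat is connected to.

```xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
    <!-- Assumed layout: vendor services under /api/vendor/*, admin-only
         services under /api/admin/*. Paths matched by no constraint
         stay reachable without authentication. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Vendor services</web-resource-name>
            <url-pattern>/api/vendor/*</url-pattern>
            <!-- No http-method elements: the constraint then covers every
                 HTTP method, including ones nobody thought to list. -->
        </web-resource-collection>
        <auth-constraint>
            <!-- Super admin is listed too, so it keeps access to vendor services. -->
            <role-name>ROLE_VENDOR</role-name>
            <role-name>ROLE_SUPERADMIN</role-name>
        </auth-constraint>
        <user-data-constraint>
            <!-- BASIC sends the password base64-encoded, not encrypted,
                 so require a TLS-protected connection. -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin services</web-resource-name>
            <url-pattern>/api/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_SUPERADMIN</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>API</realm-name> <!-- assumed realm label -->
    </login-config>
    <!-- Every role used in an auth-constraint is declared here. -->
    <security-role>
        <role-name>ROLE_VENDOR</role-name>
    </security-role>
    <security-role>
        <role-name>ROLE_SUPERADMIN</role-name>
    </security-role>
</web-app>
```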