4

we are developing two web application Application A : Restful web-services running on glassfish Server . Application B : Dynamics web application running on Tomcat Server .

I am accessing Application A only by my Application B , I dont want any other application to access my Application A . For this I have planed to install a Client-server certificate in the respective server , so that my Application A will only be access by my Application B , I want to block other Application to access my Application A. Can you please tell me how to install client - server certificate in the respective server ????

If anyone have better alternative to obtain this then please explain me .

Please explain with Example if possible .

Thank You

PRIYANK SINHA
  • 111
  • 1
  • 10
  • StackOverflow is not a code writing service. What did you try so far? What is your specific question/problem? – Jan Aug 04 '15 at 08:39
  • Security always comes at a cost, how much are you willing to pay (or need to pay due to external requirements), I mean, dealing with financial transactions may have other security constraints then when sharing photos. Can you elaborate on your problem and constraints? – joran Aug 04 '15 at 08:59
  • i hve tried using token system by adding security header in request and having filter at restful web app in glassfish server end validating each request from database which works fine but there might be performance issue as every request token has to be checked by filter of restful webapp...so i want to know if there is any other solution for this..i found that client-server certificate can be used but dont know how to use it. – PRIYANK SINHA Aug 04 '15 at 09:09

3 Answers3

0

Are you looking for authentication and authorisation ?. if yes you can use the spring security. If you are looking for only authentication(root level access) with some user id and password use the basic authentication. it will check if user is valid and has access to urls.

for code and more info check the urls.

how to implements Basic Authentication?

How to consuming RESTful webservices with basic authentication?

Nirmal Dhara
  • 2,121
  • 18
  • 27
0

As you are using Java, I supose that you are using Spring Framework, If so you could share authentication between applications using Spring Session

pdorgambide
  • 1,787
  • 19
  • 33
0
  1. I had some sample code that using pure java to do simple & basic auth. It may fit your need.
  2. Use postman to set & un-set basic auth to test it.
  3. benefit: simple. no-need any stuff other than javax.ws.rs.*
  4. only ok when you have 100% control of application B (this is the same as what my projects are) which is an internal application (not public-accessed web page)

code:

//  to inject request 
@Context
private HttpServletRequest request; 

@GET
@Path("/testAuth")
@Produces(MediaType.APPLICATION_JSON)
public Response testAuth() {
    // TODO 
    // this is only a template for doing authentication in the near future
    String returnString = "";

    //check if authenticated
    String authorization = request.getHeader("Authorization");
    if (authorization == null || authorization.toUpperCase().startsWith("BASIC ") == false) {
        //no authenticated
        returnString =  "{\"testAuth\", \"need authentication\"}"; 
        return Response.status(401).entity(returnString).build();
    } else{

        String credentials = authorization.substring("Basic".length()).trim();
        byte[] decoded = DatatypeConverter.parseBase64Binary(credentials);
        String decodedString = new String(decoded);
        String[] actualCredentials = decodedString.split(":");
        String ID = actualCredentials[0];
        String Password = actualCredentials[1];
        String Result = userAuthenticate(ID, Password);

        returnString =  "{\"testAuth\", \"" + 
            " (" + Result + ") \"}";
        return Response.status(200).entity(returnString).build();
    }   

}
dennis_chen_canada
  • 72
  • 1
  • 7