I have a Java server application and a web interface (jQuery). For REST services I'm using the Jersey implementation. I can easily send JSON to the server from the web page and vice versa.

Example of my REST service:

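```java
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@Path("/users")
public class User {

    @POST
    @Path("/login")
    @Consumes(MediaType.APPLICATION_JSON)
    public Response authUser(User user) {
        // code
    }
}
```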

But there is one problem. How can I authenticate users? For example, I have some private resources: when a user is not logged in, he can't see the resource/web page, but when he has logged in (entered the correct name and password), he can see the resource.

I didn't use a Spring application. I have googled for a long time but I didn't find easy examples. Then I tried to read Jose Sandoval's book "RESTful Java Web Services"; the "Security" section has a lot of useful information, but there aren't any examples.

Could you please help me?

1 Answer

There are different ways to approach this, I believe. One way is that when the user authenticates, you send him back a token [which expires after some time] and he then passes back that token in subsequent calls.

Save the token to a file or db. In subsequent requests that come from the client, compare the token timestamp and value.

Once that token expires he has to re-authenticate.

5 Comments

Thank you for the response. I've read about it; in the book it is called "Custom token authentication", but I don't know how to realize it. Maybe you have a simple example?
I have only googled for an example. I really didn't know how to solve this problem. So I am trying to find a simple example.
Hmm, thanks for the idea. But there is one more question. When I send this token to the web client, will this token be stored in the HTTP header?
@JavaDude In the response to a successful authentication. HTTP header sounds correct.
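
The token scheme described in the answer, as an added example that is not part of the original answer or comments: a random token is issued after a successful login, stored with its expiry time, and checked for value and timestamp on each later request. The class name `TokenStore`, its method names, the 30-minute lifetime and the demo values are assumptions; an in-memory map stands in for the "file or db", and the caller is assumed to pass in the token it read from the request header.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical helper, Java 16+ for records); not Jersey API.
public class TokenStore {
    private record Session(String user, Instant expiresAt) {}
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration lifetime;
    public TokenStore(Duration lifetime) { this.lifetime = lifetime; }

    // Call after the name/password check succeeds; the return value goes to the client.
    public String issue(String user, Instant now) {
        byte[] raw = new byte[32]; // 256 unguessable bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(digest(token), new Session(user, now.plus(lifetime)));
        return token;
    }

    // Call on each request to a private resource; empty means "re-authenticate".
    public Optional<String> validate(String token, Instant now) {
        if (token == null || token.isEmpty()) return Optional.empty();
        Session s = sessions.get(digest(token));
        if (s == null) return Optional.empty();  // value check: unknown token
        if (!now.isBefore(s.expiresAt())) {      // timestamp check: expired
            sessions.remove(digest(token));
            return Optional.empty();
        }
        return Optional.of(s.user());
    }

    // Only a SHA-256 hash is stored, so a leaked store yields no usable tokens.
    private static String digest(String token) {
        try {
            byte[] h = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(h);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) { // constructed demo values
        TokenStore store = new TokenStore(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z");
        String token = store.issue("alice", t0);
        System.out.println(store.validate(token, t0.plusSeconds(60)));    // within lifetime
        System.out.println(store.validate("forged", t0.plusSeconds(60))); // never issued
        System.out.println(store.validate(token, t0.plusSeconds(3600)));  // past expiry
    }
}
```

Sending the token over HTTPS only keeps it from being read in transit, since anyone holding the token is treated as the logged-in user until it expires.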
