authorization via url or token?

tmp
hello!

I have a Tomcat server and some resources provided by Jersey. For Tomcat I have set up a JDBCRealm and the resources are protected with @RolesAllowed({ "admin", "user" }).

Everything works as expected: when I want to call a protected resource, I have to type username + password and then I can access the resource via https.

Now my problem:
I want a resource to be available via https but without the manual authorization step.
For example the username and password or an access-token should be provided by the url.

How can I achieve that?

Thanks in advance

Re: authorization via url or token?

tmp
I had the idea to solve the problem like this:

Resource A (allowed for all users) sets username + password authentication and forwards to a resource B (allowed for a specific role).

How can I achieve that? How can I set username + password in a resource method?


Re: authorization via url or token?

jyeary
Use security annotations (http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/). Since the user is already logged in, you should be able to use this without issue.


John
____________________________

John Yeary
____________________________ 

       
____________________________ 

"Far better it is to dare mighty things, to win glorious triumphs, even though checkered by failure, than to take rank with those poor spirits who neither enjoy much nor suffer much, because they live in the gray twilight that knows not victory nor defeat."
-- Theodore Roosevelt



On Wed, Feb 8, 2012 at 5:45 AM, tmp <[hidden email]> wrote:
I had the idea to solve the problem like this:

Resource A (allowed for all users) sets username + password authentication
and forwards to a resource B (allowed for a specific role).

How can I achieve that? How can I set username + password in a resource
method?



--
View this message in context: http://jersey.576304.n2.nabble.com/authorization-via-url-or-token-tp7261856p7265297.html
Sent from the Jersey mailing list archive at Nabble.com.


Re: authorization via url or token?

Pavel Bucek-2
You might also benefit from RolesAllowedResourceFilterFactory, which allows you to use @RolesAllowed, @PermitAll and @DenyAll; see
http://jersey.java.net/nonav/apidocs/1.11/jersey/com/sun/jersey/api/container/filter/RolesAllowedResourceFilterFactory.html

Regards,
Pavel

On 2/8/12 4:59 PM, John Yeary wrote:
Use security annotations (http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/). Since the user is already logged in, you should be able to use this without issue.



Re: authorization via url or token?

jyeary
Nice!... I forgot to mention that, and I was just using it yesterday.

John

On Wed, Feb 8, 2012 at 11:34 AM, Pavel Bucek <[hidden email]> wrote:
You might also benefit from RolesAllowedResourceFilterFactory, which allows you to use @RolesAllowed, @PermitAll and @DenyAll; see
http://jersey.java.net/nonav/apidocs/1.11/jersey/com/sun/jersey/api/container/filter/RolesAllowedResourceFilterFactory.html

Regards,
Pavel


Re: authorization via url or token?

tmp
In reply to this post by jyeary
Sorry, that did not help me :)

I think I did not write it clearly enough:

Resource A is unprotected
-> users can access it without authentication
-> when the resource is called, the user gets authenticated automatically (e.g. as guest)

I just need some code showing how I can authenticate a user inside the resource A method.

Thanks a lot!
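
Added example, not written by any participant in this thread and not the Jersey project's own code: a Jersey 1.x ContainerRequestFilter that authenticates a request from a token and installs a SecurityContext, so the @RolesAllowed checks done by RolesAllowedResourceFilterFactory see the resulting user and roles. The class name TokenAuthFilter, the token value, the user name and the role are hypothetical; the token is read from the Authorization header rather than the URL because URLs are recorded in access logs, browser history and Referer headers.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

/** Hypothetical filter: maps "Authorization: Bearer <token>" to a user and roles. */
public class TokenAuthFilter implements ContainerRequestFilter {
    private static final Charset UTF8 = Charset.forName("UTF-8");
    // Constructed sample values; a deployment would load random per-client tokens from a secret store.
    private static final byte[] TOKEN = "constructed-sample-token".getBytes(UTF8);
    private static final String USER = "report-client";
    private static final Set<String> ROLES = Collections.singleton("user");

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        String header = request.getHeaderValue("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            // No token presented: leave the container's own security context
            // (e.g. the Tomcat realm login) untouched; @RolesAllowed still applies.
            return request;
        }
        if (!request.isSecure()) {
            // Never accept a bearer token over plain http.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        byte[] presented = header.substring("Bearer ".length()).trim().getBytes(UTF8);
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(TOKEN, presented)) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        request.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() {
                return new Principal() {
                    public String getName() { return USER; }
                };
            }
            public boolean isUserInRole(String role) { return ROLES.contains(role); }
            public boolean isSecure() { return true; }
            public String getAuthenticationScheme() { return "Bearer"; }
        });
        return request;
    }
}
```

Register the filter under the servlet init-param `com.sun.jersey.spi.container.ContainerRequestFilters` and RolesAllowedResourceFilterFactory under `com.sun.jersey.spi.container.ResourceFilters`. The token-accessible path must not also be covered by a web.xml security-constraint that forces the container login, or Tomcat will challenge before the filter runs.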