I didn't find anything regarding this issue.
Can JAAS be used to secure my REST service? If yes, are there any advantages compared to basic/digest auth + SSL? Should I use JAAS over basic/digest auth for my REST service?
Yes, you can use JAAS to secure a REST (or any other type of) service… as long as your REST container provides the ability to hook JAAS Login Modules.
Most containers I know do, Tomcat and Jetty in particular.
JAAS is not so much about how the credentials are formatted or made available (Form Login, Basic auth, etc…) but more about how you validate them. You may want to check a local file, query a DB or an LDAP server…
JAAS is not only authentication, but authorization too. Once you have passed the authentication phase, you provide the roles and permissions to the user. All containers that implement JAAS will provide a seamless integration between the JAAS module and the authorization scheme provided by the container such as the one provided by web.xml for servlets.
Since JAAS is a standard and is now part of the JRE, you will find a lot of ready-made modules and documentation on the web to help you build your own if need be.
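To illustrate the split the answer describes (credentials arrive via callbacks, the module validates them, then attaches principals for authorization), here is a small login module added as an example; it is not part of the original answer. The class name `DemoLoginModule`, the user `alice`, the role name and the in-memory credential are all constructed assumptions, and the fixed salt is a demo simplification.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: validates credentials against one constructed in-memory user.
public class DemoLoginModule implements LoginModule {
    private static final byte[] SALT = "constructed-salt".getBytes();           // demo only: use a per-user random salt
    private static final byte[] ALICE_HASH = hash("s3cret-demo".toCharArray()); // constructed sample credential
    private Subject subject; private CallbackHandler handler; private String user; private boolean ok;

    static byte[] hash(char[] pw) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, SALT, 100_000, 256)).getEncoded();
        } catch (Exception e) { throw new IllegalStateException(e); }
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        // The module never sees Basic/Form/Digest framing; the container's handler fills the callbacks.
        NameCallback n = new NameCallback("user: ");
        PasswordCallback p = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { n, p }); }
        catch (Exception e) { throw new LoginException("cannot read credentials"); }
        char[] pw = p.getPassword();
        if (pw == null || pw.length == 0) throw new FailedLoginException("bad credentials");
        // Hash and compare in constant time even when the user name is unknown.
        boolean match = MessageDigest.isEqual(ALICE_HASH, hash(pw)) & "alice".equals(n.getName());
        java.util.Arrays.fill(pw, '\0'); p.clearPassword();
        if (!match) throw new FailedLoginException("bad credentials"); // same message for both failure causes
        user = n.getName(); ok = true;
        return true;
    }
    public boolean commit() { // authorization input: attach principals to the Subject
        if (!ok) return false;
        subject.getPrincipals().add(new Named(user));
        subject.getPrincipals().add(new Named("role:rest-user")); // hypothetical role; role mapping is container-specific
        return true;
    }
    public boolean abort() { ok = false; user = null; return true; }
    public boolean logout() { subject.getPrincipals().removeIf(x -> x instanceof Named); return abort(); }

    record Named(String name) implements Principal { public String getName() { return name; } }
}
```

The module is instantiated through a JAAS configuration entry, either by the container's JAAS integration or by a `LoginContext`. Because it only validates what the callbacks deliver, transport protection such as SSL/TLS is still needed for however the credentials reach the container.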