Well, I am new to Java web services and I need to develop a quick application with some basic security. I am developing some REST services with Java, let's say:
http://www.example.com/customer (is the URL for CRUD with POST, GET, PUT, DELETE),
http://www.example.com/product (is the URL for CRUD with POST, GET, PUT, DELETE).
Now I want admin users to perform all CRUD operations over products. Also I want customers to perform only GET on products, and I want to give them the possibility to register in the DB, i.e. the customer can register and then can see products and can buy. The problem is that when I try to implement security I need to manually add a customer (a user) from the GlassFish admin console. How can I implement such functionality:
1) A non-authenticated user tries to see products through ../product
2) The application returns a 401 request.
3) The user registers as a customer with the application (let's say through POST ../customer)
4) The user tries to see products again (as an authenticated customer) and the application returns the products.
5) The user tries to create products and receives a 401 error code.
Thank you in advance,
Elvis.
You can either use session management as provided by the container, or implement it yourself. Sessions are required because HTTP (which REST is built on top of) is stateless.
There are a number of Jersey + Jackson tutorials out there which give you pet-store style functionality (if you Google).
User authentication for a Jersey REST service using Spring Security is detailed here:
User authentication on a Jersey REST service
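The five-step flow from the question, as an added example that is not part of the original posts and not tied to GlassFish, Jersey or Spring Security: self-registration stores a salted PBKDF2 hash with a fixed "customer" role, and one decision function maps method, path and role to a status code. All names are hypothetical, the in-memory map stands in for the database, and answering step 5 with 403 (authenticated but not permitted) instead of 401 is a choice of this example.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: hypothetical names throughout; the map stands in for the DB table.
public class ShopAccessDemo {
    record Account(byte[] salt, byte[] hash, String role) {}
    static final Map<String, Account> USERS = new ConcurrentHashMap<>();

    // Slow, salted password hash so the stored value is not the password itself.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // POST /customer: self-registration always yields the "customer" role, never "admin".
    static boolean register(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return USERS.putIfAbsent(user, new Account(salt, pbkdf2(password, salt), "customer")) == null;
    }

    // Returns the caller's role, or null when the credentials do not match.
    static String authenticate(String user, char[] password) throws Exception {
        Account a = user == null ? null : USERS.get(user);
        if (a == null) return null;
        return MessageDigest.isEqual(a.hash(), pbkdf2(password, a.salt())) ? a.role() : null;
    }

    // Maps (method, path, role) to an HTTP status; role == null means unauthenticated.
    static int authorize(String method, String path, String role) {
        if (path.equals("/customer") && method.equals("POST")) return 200; // open registration
        if (role == null) return 401;                                       // no valid credentials
        if (role.equals("admin")) return 200;                               // full CRUD
        if (path.equals("/product") && method.equals("GET")) return 200;    // customers may read
        return 403;                                                         // authenticated, not allowed
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-password".toCharArray();
        System.out.println(authorize("GET", "/product", authenticate("elvis", pw)));  // steps 1-2
        System.out.println(register("elvis", pw));                                    // step 3
        System.out.println(authorize("GET", "/product", authenticate("elvis", pw)));  // step 4
        System.out.println(authorize("POST", "/product", authenticate("elvis", pw))); // step 5
    }
}
```

In a JAX-RS application the same decision would sit in a request filter, with the role taken from the container's or framework's security context rather than from this map.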