Implementation of secure JAX-RS applications
The IBM® JAX-RS 1.1 runtime environment is driven by a servlet that is derived from the Apache Wink project. The JAX-RS 2.0 runtime environment is driven by a servlet that is derived from the Apache CXF project. Within the WebSphere® Application Server environment, the lifecycle of servlets is managed in the web container. Therefore, the security services that are offered by the web container are applicable to REST resources that are deployed to WebSphere Application Server. These services include:
- User authentication when starting REST resources embodied in the application, including:
  - HTTP basic authentication.
  - Form login authentication.
- Authorization control over REST resources as defined by the URL patterns for the resources.
- Use of SSL for transport when starting REST resources.
- Programmatic use of the `SecurityContext` object to determine user identity and roles.

- Securing JAX-RS applications within the web container
- Securing JAX-RS resources using annotations
- Securing downstream JAX-RS resources
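
The programmatic `SecurityContext` check listed above, shown as an added example that is not part of the original IBM documentation. The resource path, the `admin` role name, and the assumption that the principal name matches the `{owner}` path segment are hypothetical. The example shows an ownership check that a URL-pattern constraint alone cannot express.

```java
import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource: the path and the "admin" role are assumptions,
// not names taken from the product documentation.
@Path("/accounts")
public class AccountResource {

    @GET
    @Path("{owner}")
    @Produces(MediaType.TEXT_PLAIN)
    public Response getAccount(@PathParam("owner") String owner,
                               @Context SecurityContext sc) {
        // Refuse requests that did not arrive over SSL/TLS, in case the
        // transport guarantee is missing from the deployment descriptor.
        if (!sc.isSecure()) {
            return Response.status(Response.Status.FORBIDDEN)
                    .entity("HTTPS required").build();
        }
        // The principal is null when the web container did not authenticate
        // the caller, for example when no security constraint covers this URL.
        Principal caller = sc.getUserPrincipal();
        if (caller == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // Object-level rule: callers may read their own account;
        // members of the "admin" role may read any account.
        boolean isOwner = caller.getName().equals(owner);
        if (!isOwner && !sc.isUserInRole("admin")) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.ok("account for " + owner + " (auth scheme: "
                + sc.getAuthenticationScheme() + ")").build();
    }
}
```

The class needs a JAX-RS runtime and a web container that performs the authentication; roles passed to `isUserInRole` must be mapped to users or groups in the application's security configuration.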