Securing downstream JAX-RS resources
You can secure downstream Java™ API for RESTful Web Services (JAX-RS) resources by configuring the BasicAuth method for authentication and by using the LTPA JAX-RS security handler to take advantage of single sign-on for user authentication.
Before you begin
- You have installed your JAX-RS application onto the application server.
- You have enabled security for your JAX-RS application.
- You have secured your JAX-RS applications within the web container by configuring downstream JAX-RS applications to use the basic authentication (BasicAuth) method for user authentication.
About this task
When composing JAX-RS resources, a new LTPA JAX-RS security handler can be used to seamlessly authenticate on downstream resource invocations.
When invoking downstream secure JAX-RS resources, the calling application is required to authenticate to the target resource. If the target resource on a downstream server uses the BasicAuth method for security, the calling application can take advantage of single sign-on (SSO) for JAX-RS resources. Using single sign-on, an authenticated context is propagated along downstream calls. You can use the LTPA-based security client handler to authenticate to downstream resources that are distributed across servers.
To illustrate this scenario, assume that you have two servers in your cell and that you have deployed JAX-RS resources on both of these servers. Suppose that from one resource on server1 you need to invoke another resource that is deployed on server2. When the server2 resources are secured using the BasicAuth method for authentication, use the LTPA JAX-RS security handler to take advantage of single sign-on and seamlessly propagate user authentication on downstream calls without having to provide or manage user identities and passwords in the application.
Use the following steps to configure user authentication to a downstream server using the JAX-RS security handler at application build time.
Procedure
Results
You have defined secure JAX-RS resources such that when downstream resources are invoked, you can use single sign-on and seamlessly propagate user authentication on downstream calls without having to provide or manage user identities and passwords in the application.
Example
// Apache Wink client (JAX-RS 1.1): add the LTPA security handler to the client handler chain.
import org.apache.wink.client.Resource;
import org.apache.wink.client.RestClient;
import org.apache.wink.client.ClientConfig;
import org.apache.wink.client.handlers.LtpaAuthSecurityHandler;

ClientConfig config = new ClientConfig();
LtpaAuthSecurityHandler secHandler = new LtpaAuthSecurityHandler();
// Add this security handler to the handlers chain.
config.handlers(secHandler);
// Create the REST client instance.
RestClient client = new RestClient(config);
// Create the resource instance that you want to interact with.
// Substitute a value representing your resource address.
Resource resource =
    client.resource("http://localhost:8080/path/to/resource");
// Now you are ready to begin calling your resource; the handler adds the
// caller's LTPA token to the request, so no user ID or password is needed here.
String result = resource.get(String.class);

// JAX-RS 2.0 client API: enable the LTPA handler through the client property.
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

ClientBuilder cb = ClientBuilder.newBuilder();
Client c = cb.build();
// Propagate the authenticated caller's LTPA token on the downstream request.
c.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");
String res = "";
// serverIP, serverPort and moduleName hold the address of the downstream resource on server2.
res = c.target("http://" + serverIP + ":" + serverPort + "/" + moduleName + "/rest/ltpa")
        .request()
        .get(String.class);
c.close();
return res;
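The following is an added example, not code from the original page or from IBM, that shows the server1 side of the scenario described in "About this task": a secured JAX-RS resource on server1 that invokes a BasicAuth-protected resource on server2 through the JAX-RS 2.0 client API with the LTPA handler property enabled. The class name, the @Path values, the role name "user" and the downstream URL (DOWNSTREAM) are assumptions chosen for illustration; only the property name com.ibm.ws.jaxrs.client.ltpa.handler comes from the page.

```java
package example.sso;  // hypothetical package name

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

// Resource deployed on server1. Callers must already be authenticated to
// server1 (web container security enabled, BasicAuth or form login) so that
// an LTPA token exists to propagate downstream.
@Path("/orders")
public class OrderProxyResource {

    // Assumed address of the downstream JAX-RS resource on server2
    // (secured with BasicAuth); substitute your own host, port and module.
    private static final String DOWNSTREAM =
            "https://server2.example.com:9443/orders-api/rest/orders";

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @RolesAllowed("user")   // assumed role; unauthenticated callers never reach this method
    public String listOrders() {
        Client client = ClientBuilder.newClient();
        try {
            // Enable the LTPA client handler: the caller's LTPA token is added to
            // the downstream request, so this code holds no user ID or password.
            client.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");

            Response downstream = client.target(DOWNSTREAM)
                    .request(MediaType.APPLICATION_JSON)
                    .get();
            try {
                int status = downstream.getStatus();
                if (status == 401 || status == 403) {
                    // Single sign-on did not carry over: no LTPA token on the
                    // inbound request, or server2 does not share server1's LTPA
                    // keys and realm. Surface this as a gateway failure rather
                    // than retrying with stored credentials.
                    throw new WebApplicationException(
                            "downstream resource rejected the propagated identity", 502);
                }
                if (status != 200) {
                    throw new WebApplicationException("downstream returned " + status, 502);
                }
                return downstream.readEntity(String.class);
            } finally {
                downstream.close();
            }
        } finally {
            client.close();
        }
    }
}
```

Two points worth checking when deploying a resource like this: the LTPA token is only accepted by server2 if both servers share the same LTPA keys and realm, which servers in one cell do by default, and the token is sent on the wire, so the downstream target should be an HTTPS address in anything other than a test setup.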