Restrict access to resources and DELETE/PUT commands for RESTful WS
I have created a Web service using NetBeans, JEE6 and Jersey - Webservice from Database feature. So my web services can be accessed at: http://localhost:8080/SampleWS/listOfItems The above returns a list of items present in my database. I am using RESTKit on iOS as a client to access this resource.
However, there are two things I would like to do:
1) I would like to restrict access to the above resource only to authenticated users. What is the way to do that?
2) I would also like to restrict only selected out of authorized users to invoke DELETE, PUT and CREATE commands.
Finally, NetBeans allows me to create WS from Database, entities and pattern. Can someone point me to a tutorial for creating a RESTful without using any of the above? In other words, and for example, I would like to map GET, PUT/DELETE methods to mathematical functions like addition, multiplication etc.
You don't mention which app server you're deploying to. I assume GlassFish?
I haven't implemented this myself, but I believe Marc Hadley's blog post describes how to configure an application to cover your requirements 1) and 2):
http://weblogs.java.net/blog/mhadley/archive/2008/03/authentication.html
If you're using Spring you might also want to consider using spring-security instead, as described in this answer:
User authentication on a Jersey REST service
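
A container-managed way to express requirements 1) and 2), added here as an illustration (not code from the question, the answer or the linked posts): a `WEB-INF/web.xml` fragment for a Servlet 3.0 (Java EE 6) container. The role names `reader` and `editor` and the realm name `file` are assumptions; the URL patterns assume the resource sits directly under the context root, as in the URL from the question.

```xml
<!-- Added example. Role names "reader"/"editor" and realm "file" are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Requirement 1: reads need an authenticated user holding either role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>items-read</web-resource-name>
      <url-pattern>/listOfItems</url-pattern>
      <url-pattern>/listOfItems/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>HEAD</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>reader</role-name>
      <role-name>editor</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- BASIC credentials are only base64-encoded, so require TLS. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Requirement 2: every method except GET/HEAD (PUT, DELETE, POST and any
       other verb) is limited to "editor". The two constraints share no method:
       constraints that overlap have their role lists unioned by the container. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>items-write</web-resource-name>
      <url-pattern>/listOfItems</url-pattern>
      <url-pattern>/listOfItems/*</url-pattern>
      <http-method-omission>GET</http-method-omission>
      <http-method-omission>HEAD</http-method-omission>
    </web-resource-collection>
    <auth-constraint>
      <role-name>editor</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

  <security-role><role-name>reader</role-name></security-role>
  <security-role><role-name>editor</role-name></security-role>
</web-app>
```

Using `http-method-omission` for the write constraint means no HTTP method is left uncovered, which listing only PUT, DELETE and POST would not guarantee. The roles still have to be mapped to users or groups of the realm in the server's own deployment descriptor.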