
RESTful cross authentication

I have 2 RESTful services implemented in JAX-RS (Jersey): "A" and "B". They are deployed on separate application servers. "A" and "B" are both mine.

  1. The client connects and logs in at service "A";
  2. The client asks "A" for a resource, for example: https://blabla1/services/myresources;
  3. To retrieve the resource "myresources", service "A" should ask (not redirect to) service "B" for another resource, for example: https://blabla2/services/anotherresources.

Service "B" needs authentication too, and that's the problem. Is it possible for service "A" to ask "B" with the client's authentication parameters, and how would it work?

I guess it's possible with oauth library, but I can't find any examples (close to my problem) and howto's.

Thanks


Just summarizing the solution outlined in the comments:

Service "B" (or a proxy in front of it) should only accept HTTPS requests with the certificate of server "A". (Server "A" can also validate server "B"'s certificate to avoid man-in-the-middle attacks.)

Then the user name can be a plain text request parameter.

If you have better networking people than server people or find SSL daunting, have the network people establish a secure tunnel (forming a VPN) between your sites instead, and make service "B" unavailable from the raw Internet besides the tunnel.
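
One way service "A" could make the call described in the answer above, as an added example that is not part of the original post: a JAX-RS 2.0 client that presents A's certificate to B and trusts only B's certificate. The class name, the PKCS12 store format, the single shared store password, the `user` parameter name and the JSON media type are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;

// Hypothetical helper living inside service "A" (name is an assumption).
public class ServiceBClient {
    private final Client client;

    public ServiceBClient(String keyStorePath, String trustStorePath, char[] password) throws Exception {
        // A's own certificate and private key: presented to B as the TLS client certificate.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, password), password);
        // Trust store holding only B's certificate (or its issuing CA), so A refuses
        // any other server answering on B's address.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // No custom HostnameVerifier is installed, so the default hostname check is left in place.
        this.client = ClientBuilder.newBuilder().sslContext(ctx).build();
    }

    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // store format is an assumption
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Fetches B's resource on behalf of a user. The name must come from A's own
     * authenticated session (for example SecurityContext.getUserPrincipal()),
     * never from a value the client supplied, because B trusts it as-is.
     */
    public String fetchAnotherResources(String authenticatedUser) {
        return client.target("https://blabla2/services/anotherresources")
                .queryParam("user", authenticatedUser) // parameter name is an assumption
                .request(MediaType.APPLICATION_JSON)
                .get(String.class);
    }
}
```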
