Java EE auth to JAX-RS [closed]

Closed. This question is opinion-based. It is not currently accepting answers.

---

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 9 years ago.

Improve this question

What is the best way to authentic开发者_如何学Goate users to a rest API when it's built with Java EE technology?

---

The world is your oyster but generally you are looking at using the same methods for authenticating that you'd use on a website. Do whatever you think is necessary. You could choose from;

• simple username/password
• OAuth
• digitally signing the request (and potentially encrypting it) for example with an SSL cert
• lots of others

---

There are two general approaches for an API: You are offering keys and treat every request that has a valid key as being authorized.

Or you use the methods prescribed by HTTP for authentication. In case of basic authentication a login and password.

If the users of your API are acting on behalf of THEIR users, oauth seems to be the established standard though.

---

I don't know if it is the best way, but I would use HTTPS with SSL certificates. If possible use LDAP for the password and user "administration".