I am developing a REST application, which is using the Jersey framework. I would like to know how I can control user authentication. I have searched many places, and the clo
I'm working on something similar to this. In my implementation, we have Apache httpd front-ended to handle HTTP Basic authentication and it simply forwards all requests with some header information containing the user and roles.
From that, I'm working on parsing these pieces out using a servlet filter to wrap the HttpServletRequest using a post I found on CodeRanch. This allows me to use the javax.annotation.security annotations like @RolesAllowed on each resource I want to filter. To get all of these pieces working, however, I had to add the following to my servlet in the web.xml:
<init-param>
    <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
    <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
</init-param>
...
You might find Eric Warriner's answer on a recent post of interest: Jersey, Tomcat and Security Annotations
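
The servlet filter this answer describes, as an added example that is not the poster's code: the header names `X-Forwarded-User` and `X-Forwarded-Roles` and the proxy address are assumptions. It rejects requests that do not arrive from the proxy, because the identity headers are only trustworthy when httpd sets them and the application cannot be reached directly.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: header names and proxy address are assumptions, not from the post. */
public class ProxyAuthFilter implements Filter {
    private static final String USER_HEADER = "X-Forwarded-User";   // hypothetical header name
    private static final String ROLES_HEADER = "X-Forwarded-Roles"; // hypothetical, comma-separated
    private static final String TRUSTED_PROXY = "127.0.0.1";        // assumed: httpd on the same host

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        final String user = http.getHeader(USER_HEADER);
        // Identity headers mean something only when the peer is the proxy;
        // from any other peer they could be client-supplied, so fail closed.
        if (!TRUSTED_PROXY.equals(http.getRemoteAddr())
                || user == null || user.trim().isEmpty()) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        final Set<String> roles = new HashSet<String>();
        String raw = http.getHeader(ROLES_HEADER);
        if (raw != null) {
            for (String r : raw.split(",")) {
                if (!r.trim().isEmpty()) roles.add(r.trim());
            }
        }
        // The wrapper answers the standard servlet security calls, which is
        // where the @RolesAllowed check gets its user and role information.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getRemoteUser() { return user; }
            @Override public Principal getUserPrincipal() {
                return new Principal() { public String getName() { return user; } };
            }
            @Override public boolean isUserInRole(String role) { return roles.contains(role); }
            @Override public String getAuthType() { return HttpServletRequest.BASIC_AUTH; }
        }, res);
    }
}
```

The filter has to be mapped in web.xml ahead of the Jersey servlet, and httpd should unset any client-supplied copies of these headers before adding its own.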