User authentication on a Jersey REST service

Question

I am developing a REST application, which is using the Jersey framework. I would like to know how I can control user authentication. I have searched many places, and the clo

Answer 1

Sure, you can use a traditional servlet filter for this.

Add the filter to your web.xml, check for whatever authentication headers you're using (Basic or Digest), perform your authentication logic based on those values, and store the result in a session attribute. In your Jersey resource (ctor probably), extract the auth result from the session attribute and continue processing or not based on whether this is the result you require.

Your Jersey resource ctor would probably look like this:

protected AbstractResource(@Context ServletContext servletContext, 
    @Context HttpServletRequest httpServletRequest) {

    ...

    HttpSession session = httpServletRequest.getSession();
    // get whatever you put in the session in the auth filter here and compare
}