java - JAX-RS: Authenticate with multiple principals (more than just username)
Using a Jersey service, what is an elegant method to authenticate a user with more than username and password? Say, a business id and username as the principals, and a password as the credential.
I have a Postgres DB with a users table, where the same username string can exist in multiple business entities. (A unique constraint belongs to 2 columns, business id and username together.)
I use Basic authentication, having the client send an additional HTTP header for the business id. How do I go on from here?
Now, regarding authorization, how do I set up roles and permissions, if roles are created for each business entity (each business can define its own roles and connect them to permissions)? Permissions are static.
Does Apache Shiro (or another pluggable security extension) offer a solution in this case?
Thanks.
You might consider:
1. Implement the auth logic in an old servlet filter. A JAX-RS application is a normal WWW application, so filters fit as a simple authorization mechanism.
2. JAX-RS interceptors (PreProcessInterceptor). There you can implement the auth logic as you need (calling the database, etc.). This is "more idiomatic" while working with JAX-RS.
3. Use Spring Security. This is an option if you are ready to learn a little of the Spring Framework. Spring Security provides a full-featured authentication and access control mechanism, so you can implement whatever you need. Note that the rest of the application does not need to use Spring.
4. You might use CDI decorators (example) to implement the auth logic, but that is sort of exotic given the still low CDI adoption.
Personally, I would go with 1 or 2 for simple cases and 3 for something more advanced.
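The check that a filter or interceptor from options 1 and 2 would perform, as an added example that is not part of the original answer: the business id header value and the Basic username together form the lookup key, and the roles returned are the ones defined for that business. Assumptions: the class and method names are hypothetical, an in-memory map with constructed entries stands in for the Postgres users table, PBKDF2 is chosen here for password hashing, and Java 16+ is required for the record.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class BusinessAuth {
    record User(byte[] salt, byte[] hash, Set<String> roles) {}
    // Stand-in for the users table; the key mirrors UNIQUE (business_id, username).
    static final Map<List<String>, User> USERS = new HashMap<>();

    static byte[] pbkdf2(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    /** Returns the caller's roles within the given business, or empty when authentication fails. */
    static Optional<Set<String>> authenticate(String authorization, String businessId) throws Exception {
        if (authorization == null || businessId == null
                || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) return Optional.empty();
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty();                 // malformed Base64
        }
        int colon = decoded.indexOf(':');            // the password may itself contain ':'
        if (colon < 0) return Optional.empty();
        // Both principals form the lookup key, so "alice" at another business is a different user.
        User user = USERS.get(List.of(businessId, decoded.substring(0, colon)));
        // Hash even for unknown users so response time does not reveal which pairs exist.
        byte[] salt = user == null ? new byte[16] : user.salt();
        byte[] candidate = pbkdf2(decoded.substring(colon + 1), salt);
        return user != null && MessageDigest.isEqual(candidate, user.hash())
                ? Optional.of(user.roles()) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        byte[] s1 = "constructed-salt1".getBytes(StandardCharsets.UTF_8);
        byte[] s2 = "constructed-salt2".getBytes(StandardCharsets.UTF_8);
        USERS.put(List.of("acme", "alice"), new User(s1, pbkdf2("pw-acme", s1), Set.of("admin")));
        USERS.put(List.of("globex", "alice"), new User(s2, pbkdf2("pw-globex", s2), Set.of("viewer")));
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:pw-acme".getBytes(StandardCharsets.UTF_8));
        System.out.println("acme:   " + authenticate(header, "acme"));
        System.out.println("globex: " + authenticate(header, "globex"));
    }
}
```

In a servlet filter, `authenticate` would receive the `Authorization` header and the business id header from the request, and an empty result would become a 401 response with a `WWW-Authenticate: Basic` challenge.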