tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Authentication from a REST service
Date Thu, 18 Jul 2013 14:42:44 GMT
Martin O'Shea wrote:
> Chris
> 
> It's a case of considering options at the moment. It doesn't matter too much about the
actual expiration time of the session. But a question arises concerning use of a realm: if
I have the following code in a realm in context.xml for existing browser-based logging in:
> 
> <Realm
>         className = "org.apache.catalina.realm.DataSourceRealm"
>         digest="MD5"
>         debug = "99"
>         dataSourceName = "jdbc/MyApp"
>         localDataSource = "true"
>         userTable = "User"
>         userNameCol = "UserName"
>         userCredCol = "Password"
>         userRoleTable = "User"
>         roleNameCol = "RoleName" />
> 
> Could it be used also for the REST service? And would a servlet be required to handle
authentication?
> 
Well, apart from the layers of obfuscation added by Jersey, fundamentally the "REST 
service" is still a webapp, composed of servlets.
So it is more a case of "does Jersey provide an authentication servlet (or filter) ? and 
what can it do ?". No ?
Or does Jersey rely on container-based authentication ?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message