Security (Jersey router)
This module provides JAX-RS filters that set javax.ws.rs.core.SecurityContext for requests authenticated with various authentication schemes.
Note: If using Jersey 3.X, replace all imports containing javax.ws with jakarta.ws, and replace the dependency with:
* servicetalk-http-security-jersey3-jakarta9 for Jersey 3.0.X
* servicetalk-http-security-jersey3-jakarta10 for Jersey 3.1.X
Basic Authentication
This module establishes a JAX-RS SecurityContext for requests that have been authenticated with the Basic HTTP Authentication Scheme (RFC7617), via the BasicAuthHttpServiceFilter from servicetalk-http-utils.
Therefore a BasicAuthHttpServiceFilter must be configured for all requests that are filtered by this module. This can be achieved by configuring the BasicAuthHttpServiceFilter either globally for the whole ServiceTalk HTTP server or for specific paths with the HttpPredicateRouterBuilder.
This is similar to configuring security at JavaEE container level in web.xml.
BasicAuthSecurityContextFilters provides factory methods for the two main types of JAX-RS filters:
- Globally bound filters, which are applied to all resources of the JAX-RS javax.ws.rs.core.Application,
- Name bound filters, which need to be manually applied to specific resources via the provided @BasicAuthenticated annotation.
Each of these main types comes in two different flavors:
- User info filters, which require the upstream BasicAuthHttpServiceFilter to have set an object containing user information in the ServiceTalk AsyncContext. These filters convert the user info into a java.security.Principal (unless it is already a Principal instance) and establish a request SecurityContext using this Principal.
- No user info filters, which do not expect any user information in the AsyncContext. These filters use an anonymous Principal when setting the request SecurityContext.
Filter builders allow configuring the strategies used for creating Principal and SecurityContext instances, in case the default strategies described above are not sufficient.
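
The two flavors described above, written as a plain JAX-RS ContainerRequestFilter to show what such a Principal and SecurityContext strategy has to produce. This is an added example, not ServiceTalk's implementation or API. The class name, the Supplier standing in for the AsyncContext lookup, the "ANONYMOUS" name, the 401 response on missing user info and the role and isSecure behaviour are assumptions of the sketch.

```java
import java.security.Principal;
import java.util.function.Supplier;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Sketch of the two flavors described above; not ServiceTalk's implementation.
public final class SketchSecurityContextFilter implements ContainerRequestFilter {
    // Hypothetical stand-in for reading what the upstream BasicAuthHttpServiceFilter
    // stored in the AsyncContext. A null lookup selects the "no user info" flavor.
    private final Supplier<Object> userInfoLookup;

    public SketchSecurityContextFilter(Supplier<Object> userInfoLookup) {
        this.userInfoLookup = userInfoLookup;
    }

    // Reuse the user info when it already is a Principal, otherwise wrap it.
    static Principal toPrincipal(Object userInfo) {
        if (userInfo instanceof Principal) {
            return (Principal) userInfo;
        }
        final String name = userInfo.toString();
        return () -> name;
    }

    @Override
    public void filter(ContainerRequestContext ctx) {
        final Principal principal;
        if (userInfoLookup == null) {
            principal = () -> "ANONYMOUS"; // constructed name for the anonymous Principal
        } else {
            final Object userInfo = userInfoLookup.get();
            if (userInfo == null) {
                // Assumption of this sketch: fail closed when the upstream filter set nothing.
                ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
                return;
            }
            principal = toPrincipal(userInfo);
        }
        final SecurityContext previous = ctx.getSecurityContext();
        ctx.setSecurityContext(new SecurityContext() {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public boolean isUserInRole(String role) { return false; } // no role source here
            @Override public boolean isSecure() { return previous != null && previous.isSecure(); }
            @Override public String getAuthenticationScheme() { return BASIC_AUTH; }
        });
    }
}
```

With the "no user info" flavor every request carries the same anonymous Principal, so resource code cannot base per-user authorization decisions on getUserPrincipal().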