Chapter 29. Examples for Chapter 15
The chapter goes over some example code that illustrates a few of the concepts and APIs you were introduced to in Chapter 15. In the first example, you’ll write two custom security plug-ins. In the second example, you’ll use JSON Web Encryption to add more security to a chat application.
Example ex15_1: Custom Security
In the first example, we will write two custom security features using JAX-RS filters. The first is a custom authentication protocol; the second is a custom access policy. The example applies these security features to the code we wrote in ex06_1.
One-Time Password Authentication
The first custom security feature we’ll write is one-time password (OTP) authentication. The client will use a credential that changes once per minute. This credential will be a hash that we generate by combining a static password with the current time in minutes. The client will send this generated one-time password in the Authorization header. For example:
GET /customers HTTP/1.1
Authorization: <username> <generated_password>
The header will contain the username of the user followed by the one-time password.
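As an added example (not the book's code), here is how such a one-time password can be generated on the client and checked on the server in plain Java. The exact hash layout, the sample user bill/geheim and the one-minute grace window are assumptions; the chapter only states that the hash combines the static password with the current minute.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Map;

public class OtpDemo {
    // Constructed sample credential store (username -> static password); not from the book.
    static final Map<String, String> PASSWORDS = Map.of("bill", "geheim");
    static long currentMinute() { return System.currentTimeMillis() / 60_000L; }

    // The book only says the OTP is a hash of the static password combined with the current
    // minute; this exact layout, base64(SHA-256(password + ":" + minute)), is an assumption.
    static String generateOtp(String password, long minute) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest((password + ":" + minute).getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Client side: the Authorization header value is "<username> <generated_password>".
    static String authorizationHeader(String username, String password) {
        return username + " " + generateOtp(password, currentMinute());
    }

    // Server side: accept the current minute and the previous one, so a request that
    // crosses a minute boundary while in flight is not rejected (a window of two minutes).
    static boolean verify(String header, long nowMinute) {
        if (header == null) return false;
        String[] parts = header.trim().split("\\s+");
        if (parts.length != 2 || !PASSWORDS.containsKey(parts[0])) return false;
        byte[] presented = parts[1].getBytes(StandardCharsets.UTF_8);
        for (long m = nowMinute; m >= nowMinute - 1; m--) {
            byte[] expected = generateOtp(PASSWORDS.get(parts[0]), m).getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison so the check does not leak how many leading bytes matched.
            if (MessageDigest.isEqual(expected, presented)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String header = authorizationHeader("bill", "geheim");
        System.out.println("Authorization: " + header);
        System.out.println("valid now: " + verify(header, currentMinute()));
        System.out.println("valid two minutes later: " + verify(header, currentMinute() + 2));
    }
}
```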
The server code
We will enforce OTP authentication only on JAX-RS methods annotated with the @OTPAuthenticated annotation:
src/main/java/com/restfully/shop/features/OTPAuthenticated.java
package com.restfully.shop.features;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.ws.rs.NameBinding;

// Name-binding annotation: applicable to a resource method or a resource class,
// and retained at runtime so the JAX-RS runtime can see it.
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@NameBinding
public @interface OTPAuthenticated
{
}
When declared on a JAX-RS ...