Chapter 29. Examples for Chapter 15

This chapter goes over example code that illustrates a few of the concepts and APIs you were introduced to in Chapter 15. In the first example, you’ll write two custom security plug-ins. In the second example, you’ll use JSON Web Encryption to add more security to a chat application.

Example ex15_1: Custom Security

In the first example, we will write two custom security features using JAX-RS filters. The first feature is a custom authentication protocol. The second will be a custom access policy. The example applies these security features to the code we wrote in ex06_1.

One-Time Password Authentication

The first custom security feature we’ll write is one-time password (OTP) authentication. Instead of a fixed secret, the client sends a credential that changes once per minute: a hash we generate by combining the user’s static password with the current time, measured in minutes. The client sends this generated one-time password in the Authorization header. For example:

GET /customers HTTP/1.1
Authorization: <username> <generated_password>

The header carries the username of the user, a space, and the one-time password. Keep in mind that this is a teaching example rather than a production scheme: because the credential stays valid for a full minute, anyone who captures it can replay it within that window, and a plain hash of password plus time is weaker than the keyed HMAC construction used by standards such as TOTP (RFC 6238).

The server code

We will enforce OTP authentication only on JAX-RS methods annotated with the @OTPAuthenticated annotation:

src/main/java/com/restfully/shop/features/OTPAuthenticated.java

package com.restfully.shop.features;

import java.lang.annotation.*;
import javax.ws.rs.NameBinding;

// Marker annotation: a filter carrying it runs only for resource classes/methods that also carry it.
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@NameBinding
public @interface OTPAuthenticated
{
}
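The filter below is an added example, not the book’s own code, showing how the OTP scheme described above can be enforced with a JAX-RS ContainerRequestFilter bound to the @OTPAuthenticated annotation. It assumes SHA-256 as the hash (the text only says “a hash”), Base64 as the encoding of that hash, a constructed in-memory user map in place of a real credential store, and a one-minute clock-skew window; none of these details come from the page.

```java
package com.restfully.shop.features;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.ext.Provider;

/**
 * Example filter (not from the book). Because it carries @OTPAuthenticated,
 * name binding makes it run only for resources that carry the same annotation.
 * Priorities.AUTHENTICATION orders it before any authorization filter.
 */
@Provider
@OTPAuthenticated
@Priority(Priorities.AUTHENTICATION)
public class OTPAuthenticator implements ContainerRequestFilter
{
   // Constructed sample user store: username -> static password (assumption).
   private static final Map<String, String> USERS = Collections.singletonMap("bill", "geheim");

   // Accept the current minute and the previous one to tolerate clock skew (assumption).
   private static final int SKEW_MINUTES = 1;

   /** Minutes since the Unix epoch; both client and server derive the OTP from this. */
   public static long currentMinute()
   {
      return TimeUnit.MILLISECONDS.toMinutes(System.currentTimeMillis());
   }

   /** OTP = Base64(SHA-256(password + minute)); the client must compute it the same way. */
   public static String generateOTP(String password, long minute)
   {
      try
      {
         MessageDigest digest = MessageDigest.getInstance("SHA-256");
         byte[] hash = digest.digest((password + minute).getBytes(StandardCharsets.UTF_8));
         return Base64.getEncoder().encodeToString(hash);
      }
      catch (NoSuchAlgorithmException e)
      {
         throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
      }
   }

   /** Client-side helper: the value to put in the Authorization header. */
   public static String authorizationHeader(String username, String password)
   {
      return username + " " + generateOTP(password, currentMinute());
   }

   @Override
   public void filter(ContainerRequestContext request)
   {
      String header = request.getHeaderString(HttpHeaders.AUTHORIZATION);
      if (header == null) throw new NotAuthorizedException("OTP realm=\"shop\"");

      // Header format from the text: "<username> <generated_password>"
      String[] parts = header.trim().split("\\s+");
      if (parts.length != 2) throw new NotAuthorizedException("OTP realm=\"shop\"");
      String username = parts[0];
      byte[] presented = parts[1].getBytes(StandardCharsets.UTF_8);

      String password = USERS.get(username);
      // Unknown user: fail the same way as a bad password so usernames cannot be enumerated.
      if (password == null) throw new NotAuthorizedException("OTP realm=\"shop\"");

      long now = currentMinute();
      boolean ok = false;
      for (long m = now - SKEW_MINUTES; m <= now; m++)
      {
         byte[] expected = generateOTP(password, m).getBytes(StandardCharsets.UTF_8);
         // Constant-time comparison so response timing does not leak matching prefixes.
         ok |= MessageDigest.isEqual(expected, presented);
      }
      if (!ok) throw new NotAuthorizedException("OTP realm=\"shop\"");
   }
}
```

Register the class with your Application (or let the container scan for @Provider) and annotate the resource methods or classes from ex06_1 with @OTPAuthenticated; unannotated resources are untouched because of the name binding. Throwing NotAuthorizedException yields a 401 response whose WWW-Authenticate header carries the challenge string.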

When declared on a JAX-RS ...
