Chapter 29. Examples for Chapter 15
The chapter goes over some example code that illustrates a few of the concepts and APIs you were introduced to in Chapter 15. In the first example, youâll write two custom security plug-ins. In the second example, youâll use JSON Web Encryption to add more security to a chat application.
Example ex15_1: Custom Security
In the first example, we will write two custom security features using JAX-RS filters. The first feature is a custom authentication protocol. The second will be a custom access policy. The example applies these security features to the code we wrote in ex06_1.
One-Time Password Authentication
The first custom security feature weâll write is one-time password (OTP) authentication. The client will use a credential that changes once per minute. This credential will be a hash that we generate by combining a static password with the current time in minutes. The client will send this generated one-time password in the Authorization header. For example:
GET/customersHTTP/1.1Authorization:<username> <generated_password>
The header will contain the username of the user followed by the one-time password.
The server code
We will enforce OTP authentication only on JAX-RS methods annotated with the @OTPAuthenticated annotation:
src/main/java/com/restfully/shop/features/OTPAuthenticated.java
@Target({ElementType.METHOD,ElementType.TYPE})@Retention(RetentionPolicy.RUNTIME)@NameBindingpublic@interfaceOTPAuthenticated{}
When declared on ...
Get RESTful Java with JAX-RS 2.0, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
