This chapter goes over some example code that illustrates a few of the concepts and APIs you were introduced to in Chapter 15. In the first example, you’ll write two custom security plug-ins. In the second example, you’ll use JSON Web Encryption to add more security to a chat application.
In the first example, we will write two custom security features using JAX-RS filters. The first feature is a custom authentication protocol. The second will be a custom access policy. The example applies these security features to the code we wrote in ex06_1.
The first custom security feature we’ll write is one-time password (OTP) authentication. The client will use a credential that changes once per minute. This credential will be a hash that we generate by combining a static password with the current time in minutes. The client will send this generated one-time password in the Authorization header. For example:
The header will contain the username of the user followed by the one-time password.
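The OTP scheme described above, as an added sketch that is not the book's own code. It assumes HMAC-SHA-256 keyed by the static password as the hash (the text here does not name one) and also accepts the previous minute's value to tolerate clock skew; `MinuteOtp`, `generate` and `verify` are hypothetical names.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class MinuteOtp {

    // Assumption: OTP = HMAC-SHA-256(key = static password, msg = minutes since epoch).
    static String generate(String password, long epochMinute) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(password.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] counter = ByteBuffer.allocate(Long.BYTES).putLong(epochMinute).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal(counter));
    }

    // Server side: recompute the OTP for the current and the previous minute
    // (the one-minute skew allowance is an assumption) and compare each
    // candidate without exiting early on the first mismatching byte.
    static boolean verify(String password, String presented, long nowMillis)
            throws GeneralSecurityException {
        long minute = nowMillis / 60_000L;
        byte[] got = presented.getBytes(StandardCharsets.UTF_8);
        boolean ok = false;
        for (long m = minute - 1; m <= minute; m++) {
            byte[] expected = generate(password, m).getBytes(StandardCharsets.UTF_8);
            ok |= MessageDigest.isEqual(expected, got); // time-constant comparison
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        String password = "constructed-sample-password"; // constructed sample value
        long issuedAt = 1_700_000_000_000L;               // constructed timestamp (ms)
        String otp = generate(password, issuedAt / 60_000L);

        System.out.println("5 s later:     " + verify(password, otp, issuedAt + 5_000L));
        System.out.println("1 min later:   " + verify(password, otp, issuedAt + 60_000L));
        System.out.println("2 min later:   " + verify(password, otp, issuedAt + 120_000L));
        System.out.println("wrong password: " + verify("other", otp, issuedAt + 5_000L));
    }
}
```

A captured value stays valid until its window closes, so the header still has to travel over TLS.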
We will enforce OTP authentication only on JAX-RS methods annotated with the
When declared on a JAX-RS ...