Implement secure JAX-RS applications
The IBM runtime environment for Java API for RESTful Web Services (JAX-RS) is driven by a servlet derived from the Apache Wink project. Within the WAS environment, the lifecycle of servlets is managed in the web container. Therefore, the security services offered by the web container are applicable to REST resources that are deployed in WebSphere Application Server.
You can define and add security constraints on the REST resources using the same tooling that is used to assemble REST applications. These constraints are captured in the J2EE web deployment descriptor that is associated with the application. The following list describes the security definitions that you can include in the deployment descriptor:
- User authentication when invoking REST resources embodied in the application, including:
  - HTTP basic authentication
  - Form login authentication
- Authorization control over REST resources as defined by the URL patterns for the resources
- Use of SSL for transport when invoking REST resources
- Programmatic use of the SecurityContext object to determine user identity and roles
All the security mechanisms supported by the web container are applicable to REST resources, including the use of the Kerberos-based SPNEGO authentication mechanism.
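The following deployment descriptor is an added example, not taken from the original page or from IBM's documentation. It shows how the first three definitions in the list above (authentication, URL-pattern authorization and SSL transport) fit together. The `/rest/*` URL pattern, the `RestUser` role and the `RestRealm` realm name are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Assumption: the JAX-RS servlet is already declared and mapped to
       /rest/* elsewhere in this descriptor. -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>REST resources</web-resource-name>
      <!-- Authorization is tied to the URL pattern of the resources. -->
      <url-pattern>/rest/*</url-pattern>
      <!-- No http-method elements on purpose: the constraint then applies
           to every HTTP method. Listing only some methods leaves the
           unlisted ones outside this constraint. -->
    </web-resource-collection>

    <!-- Only authenticated callers in this (hypothetical) role are allowed. -->
    <auth-constraint>
      <role-name>RestUser</role-name>
    </auth-constraint>

    <!-- Require SSL transport; plain HTTP requests are not served as-is. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- HTTP basic authentication; use FORM with a form-login-config
       element for form login instead. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>RestRealm</realm-name>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared. -->
  <security-role>
    <role-name>RestUser</role-name>
  </security-role>
</web-app>
```

Basic authentication sends credentials in a reversible encoding, which is why the `CONFIDENTIAL` transport guarantee is paired with it here. The declared role still has to be mapped to real users or groups when the application is deployed.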
- Configure the development environment.
- Define resources in JAX-RS web applications.
- Configure the JAX-RS application.
- Secure JAX-RS applications within the web container.
- Secure JAX-RS resources using annotations.
- (Optional) Secure downstream JAX-RS resources.
- (Optional) Secure JAX-RS clients using SSL.
- Assemble JAX-RS web applications.
- Deploy JAX-RS web applications.
- Administer the secure JAX-RS application.
Results
You have developed and deployed a secure JAX-RS web application on the application server. You can also use the console to administer the secure JAX-RS application.
Related concepts
- Overview of Java API for RESTful Web Services (JAX-RS)
Related tasks
- Secure JAX-RS applications within the web container
- Secure downstream JAX-RS resources
- Secure JAX-RS clients using SSL
- Administer secure JAX-RS applications
- Implement JAX-RS web applications
Web services specifications and APIs