Secure JAX-RS web applications

Securing JAX-RS web applications

Subtopics

Secure JAX-RS applications within the web container
We can use the security services available from the web container to secure Representational State Transfer (REST) resources. We can configure security mechanisms that define user authentication, transport security, authorization control, and user to role mappings.

Secure JAX-RS resources using annotations
We can secure Java API for RESTful Web Services (JAX-RS) resources by using annotations that specify security settings.

Secure downstream JAX-RS resources
We can secure downstream Java API for RESTful Web Services (JAX-RS) resources by configuring the BasicAuth method for authentication and using the LTPA JAX-RS security handler to take advantage of single sign-on for user authentication.

Secure JAX-RS clients using SSL
We can secure the communications between the Java API for RESTful Web Services (JAX-RS) application and clients that invoke the application by using Secure Sockets Layer (SSL) transport layer security.

Administer secure JAX-RS applications
We can use the console to administer Java API for RESTful Web Services (JAX-RS) applications that have enabled security mechanisms.