Chapter 29. Examples for Chapter 15
The chapter goes over some example code that illustrates a few of the concepts and APIs you were introduced to in Chapter 15. In the first example, you'll write two custom security plug-ins. In the second example, you'll use JSON Web Encryption to add more security to a chat application.
Example ex15_1: Custom Security
In the first example, we will write two custom security features using JAX-RS filters. The first feature is a custom authentication protocol. The second will be a custom access policy. The example applies these security features to the code we wrote in ex06_1.
One-Time Password Authentication
The first custom security feature we'll write is one-time password (OTP) authentication. The
client will use a credential that changes once per minute. This credential will be a hash that
we generate by combining a static password with the current time in minutes. The client will
send this generated one-time password in the Authorization header. For example:
GET /customers HTTP/1.1
Authorization: <username> <generated_password>
The header will contain the username of the user followed by the one-time password.
The server code
We will enforce OTP authentication only on JAX-RS methods annotated with the
@OTPAuthenticated annotation:
src/main/java/com/restfully/shop/features/OTPAuthenticated.java
package com.restfully.shop.features;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.ws.rs.NameBinding;

// Marker annotation: resource methods or classes carrying it are bound to the OTP filter.
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@NameBinding
public @interface OTPAuthenticated
{
}
When declared on a JAX-RS method, this annotation will trigger the binding of a ContainerRequestFilter that implements the OTP algorithm using the @NameBinding technique
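The following filter is an added example, not the book's own implementation of ex15_1, showing how a ContainerRequestFilter bound through the @OTPAuthenticated annotation above could validate the username/one-time-password pair described in the Authorization header section. The hash algorithm (SHA-256), the "password:minute" concatenation format, the in-memory credential store, the "OTP" WWW-Authenticate scheme name and the one-minute clock-skew tolerance are all assumptions of this example; the book does not specify them.

```java
package com.restfully.shop.features;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

// Illustrative filter (not the book's code). Because it carries @OTPAuthenticated,
// the @NameBinding mechanism applies it only to resources with that annotation.
@OTPAuthenticated
@Provider
@Priority(Priorities.AUTHENTICATION)
public class OTPAuthenticatedFilter implements ContainerRequestFilter
{
    // Constructed sample credential store: username -> static password.
    // A real deployment would load this from a user registry (assumption).
    private static final Map<String, String> PASSWORDS = new HashMap<>();
    static {
        PASSWORDS.put("bburke", "geheim");
    }

    // How many earlier one-minute windows are still accepted, to absorb clock
    // skew between client and server (assumed tolerance, not from the book).
    private static final int SKEW_WINDOWS = 1;

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException
    {
        // Expected header form: "Authorization: <username> <generated_password>"
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (header == null) {
            ctx.abortWith(unauthorized());
            return;
        }
        String[] parts = header.trim().split("\\s+");
        if (parts.length != 2) {
            ctx.abortWith(unauthorized());
            return;
        }
        String username = parts[0];
        String presented = parts[1];
        String password = PASSWORDS.get(username);
        if (password == null || !isValidOtp(password, presented, currentMinute())) {
            ctx.abortWith(unauthorized());
        }
    }

    static long currentMinute()
    {
        return System.currentTimeMillis() / 60000L;
    }

    // Accepts the OTP for the given minute or up to SKEW_WINDOWS earlier minutes.
    // MessageDigest.isEqual gives a constant-time comparison of the two values.
    static boolean isValidOtp(String password, String presented, long minute)
    {
        for (int back = 0; back <= SKEW_WINDOWS; back++) {
            String expected = generateOtp(password, minute - back);
            if (MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                      presented.getBytes(StandardCharsets.UTF_8))) {
                return true;
            }
        }
        return false;
    }

    // Shared by client and server: hex(SHA-256(password + ":" + minute)).
    // Algorithm and concatenation format are assumptions of this example.
    static String generateOtp(String password, long minute)
    {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest((password + ":" + minute).getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static Response unauthorized()
    {
        return Response.status(Response.Status.UNAUTHORIZED)
                       .header(HttpHeaders.WWW_AUTHENTICATE, "OTP")
                       .build();
    }
}
```

A client builds its header value by calling the same generateOtp routine with its static password and the current minute, so the two sides must agree on the hash, the concatenation format and a reasonably synchronized clock. The skew window trades a small widening of the acceptance interval for fewer spurious 401 responses at minute boundaries; set SKEW_WINDOWS to 0 to require an exact match.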