Original URL: http://stackoverflow.com/questions/17941939/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Easy way for Authentication and Authorization with JAX-RS Jersey
Asked by jvataman
I'm pretty new to REST and am currently developing an API with JAX-RS Jersey. I am curious what the easiest way to implement user management is, i.e. users must log in and have restricted access to different resources depending on their role. From what I understand, using OAuth 2.0 is the current standard. Can I implement that with Jersey? Does anyone have a few links to get me started (examples, tutorials)? Or would you suggest another approach?
Thanks a lot
Answered by Juned Ahsan
There are multiple ways to achieve that; let me point out a few of them:
HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it doesn't require cookies, session identifiers and login pages. Rather, HTTP Basic authentication uses static, standard HTTP headers, which means that no handshakes have to be done in anticipation.
Role based access control for J2EE applications using realm
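The Basic authentication and role-based access control approach from the answer above, as an added example that is not part of the original answer: a JAX-RS request filter that validates the Authorization header and installs a SecurityContext carrying the caller's role. The class name, realm and in-memory users are constructed for illustration; it assumes Jersey 2.x (javax.ws.rs namespace) and Java 9+.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;
import java.util.Map;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

@Provider
@Priority(Priorities.AUTHENTICATION)
public class BasicAuthFilter implements ContainerRequestFilter {
    // Constructed demo users (name -> {password, role}); use a salted-hash store in practice.
    private static final Map<String, String[]> USERS = Map.of(
        "alice", new String[] {"demo-admin-pw", "admin"}, "bob", new String[] {"demo-user-pw", "user"});

    @Override
    public void filter(ContainerRequestContext ctx) {
        String[] cred = parse(ctx.getHeaderString(HttpHeaders.AUTHORIZATION));
        String[] entry = cred == null ? null : USERS.get(cred[0]);
        // Constant-time comparison; any failure yields the same 401 challenge.
        if (entry == null || !MessageDigest.isEqual(bytes(entry[0]), bytes(cred[1]))) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"api\"").build());
            return;
        }
        final String user = cred[0], role = entry[1];
        final boolean secure = ctx.getSecurityContext().isSecure();
        ctx.setSecurityContext(new SecurityContext() { // identity and role for @RolesAllowed
            public Principal getUserPrincipal() { return () -> user; }
            public boolean isUserInRole(String r) { return role.equals(r); }
            public boolean isSecure() { return secure; }
            public String getAuthenticationScheme() { return BASIC_AUTH; }
        });
    }
    static String[] parse(String header) { // {user, password}, or null if missing/malformed
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int i = decoded.indexOf(':');
            return i < 0 ? null : new String[] {decoded.substring(0, i), decoded.substring(i + 1)};
        } catch (IllegalArgumentException e) { return null; }
    }
    private static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }
}
```

Register the filter together with Jersey's RolesAllowedDynamicFeature so that @RolesAllowed on resource methods is enforced. Serve the API only over HTTPS, because Basic credentials are base64-encoded, not encrypted.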
Answered by TheArchitect
There's an OAuth 1.0 contrib for Jersey @ https://wikis.oracle.com/display/Jersey/OAuth. Works great for me. OAuth 2 is not really a standard yet as it's not finished and there's still a lot of debate and interoperability issues around it.