Security (Jersey router)

This module provides JAX-RS filters that set javax.ws.rs.core.SecurityContext for requests authenticated with various authentication schemes.

Note: If using Jersey 3.X, replace all imports containing javax.ws with jakarta.ws, and replace the dependency with:

  • servicetalk-http-security-jersey3-jakarta9 for Jersey 3.0.X

  • servicetalk-http-security-jersey3-jakarta10 for Jersey 3.1.X

Basic Authentication

This module establishes a JAX-RS SecurityContext for requests that have been authenticated with the Basic HTTP Authentication Scheme (RFC7617) by the BasicAuthHttpServiceFilter from servicetalk-http-utils. A BasicAuthHttpServiceFilter must therefore be configured for all requests that are filtered by this module, either globally for the whole ServiceTalk HTTP server or for specific paths with the HttpPredicateRouterBuilder.

This is similar to configuring security at the Java EE container level in web.xml.

BasicAuthSecurityContextFilters provides factory methods for the two main types of JAX-RS filters:

  • Globally bound filters, which are applied to all resources of the JAX-RS javax.ws.rs.core.Application,

  • Name bound filters, which need to be manually applied to specific resources via the provided @BasicAuthenticated annotation.

Each of these main types comes in two different flavors:

  • User info filters, which require the upstream BasicAuthHttpServiceFilter to have set an object containing user information in the ServiceTalk AsyncContext. These filters convert the user info into a java.security.Principal (unless it is already a Principal instance) and establish a request SecurityContext using this Principal.

  • No user info filters, which do not expect any user information in the AsyncContext. These filters use an anonymous Principal when setting the request SecurityContext.

Filter builders allow configuring the strategies used for creating Principal and SecurityContext instances, in case the default strategies described above are not sufficient.
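The following sketch shows what a user info filter does, written against the standard JAX-RS API only. It is an added example, not ServiceTalk's implementation. The class name, the Supplier standing in for the AsyncContext lookup, the 401 response on missing user info and the role-less SecurityContext are all assumptions made for illustration.

```java
import java.security.Principal;
import java.util.function.Supplier;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Added sketch, not ServiceTalk source code.
public final class UserInfoSecurityContextFilter implements ContainerRequestFilter {
    // Assumption: stands in for reading the user info object that the upstream
    // BasicAuthHttpServiceFilter stored in the AsyncContext.
    private final Supplier<Object> userInfoSource;

    public UserInfoSecurityContextFilter(Supplier<Object> userInfoSource) {
        this.userInfoSource = userInfoSource;
    }

    @Override
    public void filter(ContainerRequestContext ctx) {
        final Object userInfo = userInfoSource.get();
        if (userInfo == null) {
            // Sketch's choice: fail closed when no authentication result exists,
            // e.g. the upstream filter was not configured for this path.
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        final Principal principal;
        if (userInfo instanceof Principal) {
            principal = (Principal) userInfo;   // already a Principal: use as-is
        } else {
            final String name = userInfo.toString();
            principal = () -> name;             // wrap: getName() returns the name
        }
        // Keep the transport security flag of the context being replaced.
        final boolean secure = ctx.getSecurityContext().isSecure();
        ctx.setSecurityContext(new SecurityContext() {
            @Override public Principal getUserPrincipal() { return principal; }
            // This sketch carries no role data, so every role check is denied.
            @Override public boolean isUserInRole(String role) { return false; }
            @Override public boolean isSecure() { return secure; }
            @Override public String getAuthenticationScheme() { return BASIC_AUTH; }
        });
    }
}
```

A resource method then reads the authenticated identity by injecting `@Context SecurityContext` and calling `getUserPrincipal()`.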