ServerMonkey

Reputation: 1154

Restful Web Service with Kerberos Authentication

Starting a new project to create a RESTful web service that requires callers to be authenticated by Kerberos (Active Directory).

The web service will be hosted by Tomcat, and I was planning to use JAX-RS with JAAS, but I'm not finding much information on this. Does anyone have information or experience on getting this to work?

Should I be looking at Spring and Spring Security instead?

Upvotes: 3

Views: 19240

Answers (3)

anirudha agnihotri

Reputation: 65

In Kerberos there are two server URLs involved: the authentication server and the ticketing server. If you go to the browser console, under the ticketing server response parameters you can see a cookie that you can utilise to authenticate your REST API by using it as a request parameter.

That's the only solution to authenticate your REST API.

Upvotes: 0

Bruno Genovese

Reputation: 51

I have the same issue. I googled extensively and have not found a good answer.

The problem is that the issue has several layers and most answers point to (usually vague) solutions for only one layer.

And there is not a single complete and clear example for the end-to-end solution.

LAYERS

  1. Client call to the REST service using Kerberos/Windows logged-in credentials.
     • Answers usually show how to use Kerberos to authenticate but fail to say how to use it to pass the logged-in credentials to the REST service.
     • Both Spring REST client functionality and native Java seem capable of doing this, but it is not clear how.
  2. Processing by the REST service of the authentication request from the client that is authenticating via Windows/Kerberos.
     • Spring REST service functionality appears to be the easiest way to implement it, but again it is not clear how to tell the REST service to expect that authentication method.
  3. Either forwarding the client's Kerberos credentials to whatever resource the REST service is trying to access, or getting a success/failure, after which the REST service uses Kerberos/Windows authentication itself (different credentials from the client's) to access a resource.

I hope this clarification of the issue helps in producing a good answer.

Upvotes: 2
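
Layer 2 from the answer above (the REST service validating a Kerberos-authenticated request), as an added example that is not part of the original answers or of any project's code. It uses only the JDK's JGSS and JAAS APIs; the class name, method names and the JAAS entry name passed to the constructor are hypothetical, and it assumes that entry configures `Krb5LoginModule` with the service's keytab for its `HTTP/host` principal.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

// Added example: server-side check of an "Authorization: Negotiate <base64>" header.
public class SpnegoValidator {
    private static final String PREFIX = "Negotiate ";
    private final Subject service;

    // jaasEntry: assumed name of a JAAS config entry (Krb5LoginModule + service keytab).
    public SpnegoValidator(String jaasEntry) throws Exception {
        LoginContext lc = new LoginContext(jaasEntry);
        lc.login();                       // the service authenticates once, at startup
        this.service = lc.getSubject();
    }

    // Returns the caller's Kerberos principal (user@REALM), or null when the request
    // must be answered with 401 and "WWW-Authenticate: Negotiate".
    // A GSSException (bad, expired or non-Kerberos token) should also map to 401.
    public String authenticate(String authorizationHeader) throws Exception {
        if (authorizationHeader == null || !authorizationHeader.startsWith(PREFIX)) {
            return null;
        }
        final byte[] token;
        try {
            token = Base64.getDecoder().decode(authorizationHeader.substring(PREFIX.length()).trim());
        } catch (IllegalArgumentException e) {
            return null;                  // header value is not valid base64
        }
        // Run as the service Subject so JGSS can find the keytab-derived key.
        return Subject.doAs(service, (PrivilegedExceptionAction<String>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            Oid spnego = new Oid("1.3.6.1.5.5.2");   // SPNEGO mechanism OID
            GSSCredential cred = mgr.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME, spnego, GSSCredential.ACCEPT_ONLY);
            GSSContext ctx = mgr.createContext(cred);
            try {
                ctx.acceptSecContext(token, 0, token.length);  // validates the service ticket
                return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
            } finally {
                ctx.dispose();
                cred.dispose();
            }
        });
    }
}
```

A JAX-RS request filter or servlet filter would call `authenticate` with the request's `Authorization` header and reject the request when it returns null; the returned principal name is what authorization decisions should be based on, not any client-supplied user field.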

Juned Ahsan

Reputation: 68715

Apache provides good documentation for using JAX-RS with Kerberos. Here is the link:

http://cxf.apache.org/docs/jaxrs-kerberos.html

Upvotes: 7
