CODEWITHSUNDEEP
javasecurityrestwebsphere
sreejith sasidharan
sreejith sasidharan

Reputation: 65

Websphere Application Server Secure REST API

I want to expose a REST API from Webpshere Application Server 8. I could be able to successfully expose a REST endpoint without security. But while adding security I'm getting 404 error code as follows:

[5/6/15 7:44:20:369 CAT] 00000063 RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (404 - Not Found) with message 'null' while processing GET request sent to http://localhost:9080/StudentWeb/student/service/students/100

Please find the web.xml used:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <servlet>
    <servlet-name>StudentWebServelet</servlet-name>
    <servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.student.rest.StudentApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>StudentWebServelet</servlet-name>
    <url-pattern>/student/*</url-pattern>       
  </servlet-mapping>
  <security-role>
    <description>Registered Users</description>
    <role-name>RegisteredUsers</role-name>
  </security-role>  
  <security-constraint>
    <display-name>StudentSecurity</display-name>
    <web-resource-collection>
        <web-resource-name>Student resource</web-resource-name>
        <url-pattern>/student/service/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RegisteredUsers</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>

Upvotes: 1

Views: 1304

Answers (2)

Phani Pulapa
Phani Pulapa

Reputation: 61

you can have two servlet mappings. one for secured APIs and other one is for public APIs. using authenticate the secured APIs, give the APIs path in that url mapping.

If you have a login form use the form based authentication as well.

Upvotes: 0

sreejith sasidharan
sreejith sasidharan

Reputation: 65

I did come right with a solution. All my secured resource path will be "/services/{resource name}".

@Path(value="/secured/students") public class StudentResource extends AbstractResource {

@Inject
StudentBeanLocal studentBeanLocal;

}

Unsecured resource will be something like @path(value="/address").

Upvotes: 1

Related Questions