How to do kerberos / spnego support in a restful service ?

Question

I have a client written by C, it uses libcurl to send json to a restful api service(say it server). The server was written by java, the restful api was implemented by jersey, one of JAX-RS( It's very simple and can switch to another JAX-RS implementation). Now I want to do some security work between the C client access to the java restful api server. I searched on the Internet that seems I should use kerberos or spnego for the HTTP access. I met some problem.

1. I want to use kerberos/spnego authentication. But I look through the security part of jersey doc (https://jersey.java.net/documentation/latest/security.html) and I didn't found any kerberos related doc. Do you know whether jersey support kerberos ?

2. If I switch to Apache CXF,is it easy to switch ? I checked the doc about CXF kerberos support. Looks like it's too simple, do you have any detail doc or simple example to support kerberos authentication when using Apache CXF ?

If there is anything wrong, please correct me. Thanks.

Answer 1

This is achievable with Jersey. Jersey Client uses ClosableHttpClient in its implementation.

If you want to use SPNEGO authentication scheme for Kerberos, you may have to write a custom Connector and ConnectorProvider [ I haven't found a way to set AuthenticationScheme with ApacheConnector].

Check this post too for reference if it solves your usecase Can JCIFS be used with Jersey? :)