nkvp
nkvp

Reputation: 342

Web Service authentication in Java EE

When developing a Web service(Hospital Management System) using Java EE, is it necessary that for each Web Service call, it has to be checked that the user is logged in??

Which authentication method is the best JAAS, WS-Security, SAML, or a combination or using own tokens??

Upvotes: 4

Views: 3116

Answers (2)

Kris
Kris

Reputation: 5792

It all depends on how is your web service implemented/or its going to be. If you still have a choice I would recommend going with REST approach, authenticate the user with some kind of login functionality and then maintain users session.

Upvotes: 1

Timo89
Timo89

Reputation: 521

You can use filters.

Here's an example of how to use filters:

http://viralpatel.net/blogs/2009/01/tutorial-java-servlet-filter-example-using-eclipse-apache-tomcat.html

Basically you define the url's where you want the filters to apply, the filter authorizes the user and then calls chain.doFilter(request, response); to call the requested method after authorization.

You can also take a look at this jax-rs rest webservice authentication and authorization

Personally, I use tokens for authorization.

Upvotes: 1

Related Questions