This chapter describes how to secure a RESTful web service using basic authentication.
This chapter contains the following sections:
The use case summary helps you quickly determine whether information in this chapter meets your needs.
The following list summarizes the use case goals, solution, and components. Links to required documentation are also provided.
Secure a RESTful web service using basic authentication.
Develop a RESTful web service and secure it by attaching an Oracle Web Services Manager (OWSM) basic authentication policy.
Oracle WebLogic Server
Oracle Web Services Manager (OWSM)
Oracle JDeveloper
To complete this use case, see the following documentation resources:
Developing and Securing RESTful Web Services for Oracle WebLogic Server
"Developing and Securing RESTful Web Services" in Developing Applications with Oracle JDeveloper
This use case demonstrates the steps required to:
Create a simple HelloWorld RESTful web service using JDeveloper.
Display the name of the authenticated user in the output message using javax.ws.rs.core.SecurityContext.
Package the RESTful web service with an Application subclass to define the components of a RESTful web service application deployment and provide additional metadata.
Secure all RESTful web services, by default, by defining an OWSM global policy.
Deploy the RESTful web service as a WAR file to WebLogic Server using the WebLogic Server Administration Console.
Verify the HelloWorld web service using a browser.
To implement the use case (secure a RESTful web service using basic authentication), complete the following steps:
Before you begin, ensure that you have performed the following tasks:
Before you deploy RESTful resources, first define a global policy to secure all RESTful resources by default.
The following procedure defines an OWSM global policy set and assigns it to all RESTful resources. The oracle/wss_http_token_service_policy policy is attached to the policy set to configure basic authentication for all RESTful resources.
For more information about the web service WLST commands, see "Web Services WLST Custom WLST Commands" in WLST Command Reference for Infrastructure Components.
To secure all RESTful resources by default:
Note:
For the complete procedure, see "Attaching Policies Globally Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Create a simple HelloWorld RESTful web service using JDeveloper by performing the following steps:
Note:
For assistance at any time when using JDeveloper, press F1 or click Help.
For the complete procedure, see "Creating a RESTful Web Service" in Developing Applications with Oracle JDeveloper.
The following procedure illustrates how to get the authenticated user using javax.ws.rs.core.SecurityContext.
For more information, see "Securing RESTful Web Services Using SecurityContext" in Developing and Securing RESTful Web Services for Oracle WebLogic Server.
To get the authenticated user using SecurityContext:
The following procedure illustrates how to create a class that extends javax.ws.rs.core.Application to define the components of a RESTful web service application deployment and provide additional metadata. For more information, see "Packaging With an Application Subclass" in Developing and Securing RESTful Web Services for Oracle WebLogic Server.
To package the RESTful web service with an Application subclass:
Deploy the RESTful web service application as a WAR file to WebLogic Server.
To deploy the RESTful web service:
Create a deployment profile for the Web application:
Define the profile type and name using the Create Deployment Profile wizard.
Invoke the Create Deployment Profile wizard by right-clicking on the RESTful Service application and selecting Deploy > New Deployment Profile. For assistance at any time, press F1 or click Help.
Define the following characteristics.
- Profile Type: WAR File
- Deployment Profile Name: helloworld
Define the context root for the Web application using the Edit WAR Deployment Profile Properties wizard.
The Edit WAR Deployment Profile Properties wizard is invoked automatically when you click OK in the Create Deployment Profile wizard. For assistance at any time, press F1 or click Help.
Define the following characteristics:
- Specify Java EE Web Context Root: restservice
Deploy the web application with the following characteristics using the Deploy <application> wizard.
Invoke the Deploy <application> wizard by right-clicking the RESTfulService application and selecting Deploy > helloworld. For assistance at any time, press F1 or click Help.
Define the following characteristics:
- Deployment Action: Deploy to WAR
View the WAR file in your configured project directory. For example:
c:\JDeveloper\mywork\RESTfulApplication\RESTfulService\deploy\helloworld.war
Deploy the WAR file on WebLogic Server. For more information, see "Deploy applications and modules" in Oracle WebLogic Server Administration Console Online Help.
You can access the RESTful web service from a browser.
To test the RESTful web service, enter the following URL in a browser:
http://<host>:<port>/restservice/resources/helloworld
For example, http://localhost:7001/restservice/resources/helloworld.
Enter the WebLogic Server username and password when prompted. For example, weblogic and welcome1.
The following message is returned in the browser:
Hello weblogic!
You can test basic and advanced features of your web service using the Web Services Test Client or Test Web Service page in Fusion Middleware Control. For more information, see "Testing Web Services" in Administering Web Services.
Refer to the following resources for more information about developing and securing RESTful web services and clients:
Build RESTful web services with JAX-RS sample, as described in "Java EE 6 Examples" in Understanding Oracle WebLogic Server.
Developing and Securing RESTful Web Services for Oracle WebLogic Server
"Developing and Securing RESTful Web Services" in Developing Applications with Oracle JDeveloper