You can secure a RESTful web service by using basic authentication. This use case explains the procedure to do that.
This chapter contains the following sections:
Summary of the use case goals, solution, components, and links to required documentation resources.
Secure a RESTful web service using basic authentication.
Develop a RESTful web service and secure it by attaching an Oracle Web Services Manager (OWSM) basic authentication policy.
Oracle WebLogic Server
Oracle Web Services Manager (OWSM)
Oracle JDeveloper
To complete this use case, see the following documentation resources:
"Developing and Securing RESTful Web Services" in Developing Applications with Oracle JDeveloper
This use case demonstrates the steps required to:
Create a simple HelloWorld RESTful web service using JDeveloper.
Display the name of the authenticated user in the output message using javax.ws.rs.core.SecurityContext.
Package the RESTful web service with an Application subclass to define the components of a RESTful web service application deployment and provide additional metadata.
Secure all RESTful web services, by default, by defining an OWSM global policy.
Deploy the RESTful web service as a WAR file to WebLogic Server using the WebLogic Server Administration Console.
Verify the HelloWorld web service using a browser.
To implement a secure RESTful web service using basic authentication, you need to perform a sequence of tasks.
Before implementing a RESTful web service that uses basic authentication, download and install the product components, configure the WebLogic domain, start the Administration Server, and obtain access to Oracle Enterprise Manager Fusion Middleware Control and the Oracle WebLogic Server Administration Console.
Before you begin, ensure that you have performed the following tasks:
Before you deploy RESTful resources, first define a global policy to secure all RESTful resources by default.
The following procedure defines an OWSM global policy set and assigns it to all RESTful resources. The oracle/wss_http_token_service_policy policy is attached to the policy set to configure basic authentication for all RESTful resources.
For more information about the web service WLST commands, see "Web Services WLST Custom WLST Commands" in WLST Command Reference for Infrastructure Components.
To secure all RESTful resources by default:
Note:
For the complete procedure, see "Attaching Policies Globally Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
You can create a simple HelloWorld RESTful web service by using JDeveloper.
Procedure:
Note:
For assistance at any time when using JDeveloper, press F1 or click Help.
For the complete procedure, see "Creating a RESTful Web Service" in Developing Applications with Oracle JDeveloper
You can authenticate a user by using javax.ws.rs.core.SecurityContext.
For more information, see "Securing RESTful Web Services Using SecurityContext" in Developing and Securing RESTful Web Services for Oracle WebLogic Server.
To get the authenticated user using SecurityContext:
You can create a class that extends javax.ws.rs.core.Application to define the components of a RESTful web service application deployment and provide additional metadata.
For more information, see "Packaging With an Application Subclass" in Developing and Securing RESTful Web Services for Oracle WebLogic Server.
To package the RESTful web service with an Application subclass:
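The resource that reads the authenticated user from SecurityContext and the Application subclass that packages it, shown together as an added example (not Oracle's sample code). The package and class names are hypothetical, the "resources" application path and "helloworld" resource path are inferred from the test URL later on this page, and the JAX-RS 2.0 API (javax.ws.rs) is assumed to be on the classpath.

```java
package example.restservice; // hypothetical package name

import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Application subclass: "resources" is assumed from /restservice/resources/helloworld.
@ApplicationPath("resources")
public class HelloWorldApplication extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        // Register resource classes explicitly so that only the listed
        // classes are published, rather than everything found by scanning.
        Set<Class<?>> classes = new HashSet<>();
        classes.add(HelloWorldResource.class);
        return classes;
    }

    @Path("helloworld")
    public static class HelloWorldResource {

        @GET
        @Produces(MediaType.TEXT_PLAIN)
        public String sayHello(@Context SecurityContext sc) {
            // The container sets the principal after the basic authentication
            // policy has validated the credentials in the request.
            Principal caller = sc.getUserPrincipal();
            if (caller == null) {
                // No authenticated identity reached the resource (for example,
                // the policy is not attached): fail closed instead of greeting "null".
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
            return "Hello " + caller.getName() + "!";
        }
    }
}
```

With the global policy set in place and the WAR deployed under the restservice context root, a request authenticated as weblogic returns the "Hello weblogic!" message shown in the verification step.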
Deploy the RESTful web service application as a WAR file to WebLogic Server.
To deploy the RESTful web service:
Create a deployment profile for the Web application:
Define the profile type and name using the Create Deployment Profile wizard.
Invoke the Create Deployment Profile wizard by right-clicking on the RESTful Service application and selecting Deploy > New Deployment Profile. For assistance at any time, press F1 or click Help.
Define the following characteristics.
- Profile Type: WAR File
- Deployment Profile Name: helloworld
Define the context root for the Web application using the Edit WAR Deployment Profile Properties wizard.
The Edit WAR Deployment Profile Properties wizard is invoked automatically when you click OK in the Create Deployment Profile wizard. For assistance at any time, press F1 or click Help.
Define the following characteristics:
- Specify Java EE Web Context Root: restservice
Deploy the web application with the following characteristics using the Deploy <application> wizard.
Invoke the Deploy <application> wizard by right-clicking the RESTfulService application and selecting Deploy > helloworld. For assistance at any time, press F1 or click Help.
Define the following characteristics:
Deployment Action: Deploy to WAR
View the WAR file in your configured project directory. For example:
c:\JDeveloper\mywork\RESTfulApplication\RESTfulService\deploy\helloworld.war
Deploy the WAR file on WebLogic Server. For more information, see "Deploy applications and modules" in Oracle WebLogic Server Administration Console Online Help.
You can verify a RESTful web service from a browser. You can test basic and advanced features of your web service by using the Web Services Test Client or Test Web Service page in Fusion Middleware Control.
To test the RESTful web service, enter the following URL in a browser:
http://<host>:<port>/restservice/resources/helloworld
For example, http://localhost:7001/restservice/resources/helloworld.
Enter the WebLogic Server username and password when prompted. For example, weblogic and welcome1.
The following message is returned in the browser:
Hello weblogic!
You can test basic and advanced features of your web service using the Web Services Test Client or Test Web Service page in Fusion Middleware Control. For more information, see "Testing Web Services" in Administering Web Services.
Additional resources that provide more information about developing and securing RESTful web services and clients.
Build RESTful web services with JAX-RS sample, as described in "Java EE 6 Examples" in Understanding Oracle WebLogic Server.
"Developing and Securing RESTful Web Services" in Developing Applications with Oracle JDeveloper