Recovery web application (security) in Java

We are developing two web applications. Application A: Restoring web services running on the Glassfish server. Application B: Dynamics web application running on the Tomcat server.

I get access to application A only by my application B; I do not want any other application to access my application A. For this, I planned to install the client-server certificate on the corresponding server, so that my application A will only have access to my application B; I want to block other applications from accessing my application A. Could you tell me how to install the client-server certificate on the corresponding server?

If anyone has a better alternative to get this, please explain to me.

Please explain with an example.

Thanks

+4
3 answers

Are you looking for authentication and authorization? If so, you can use Spring Security. If you are only looking for authentication (root level access) with a specific user ID and password, use basic authentication. It will check if the user is valid and has access to the URLs.

Check the URLs for code and more info.

How to perform basic authentication?

How to use RESTful web services with basic authentication?

0

As you use Java, I suggest that you use the Spring Framework if you can share authentication between applications using Spring Session.

0
  • I had some sample code that uses pure Java for simple and basic auth. It can fit your needs.
  • Use Postman to install and uninstall basic auth to verify it.
  • Benefit: simple. No material is needed other than javax.ws.rs.*
  • Only if you have 100% control over application B (this is the same as my projects) - is it an internal application (not a public web page).

The code:

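    import java.nio.charset.StandardCharsets;
    import javax.servlet.http.HttpServletRequest;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.MediaType;
    import javax.ws.rs.core.Response;
    import javax.xml.bind.DatatypeConverter;

    // to inject request
    @Context
    private HttpServletRequest request;

    @GET
    @Path("/testAuth")
    @Produces(MediaType.APPLICATION_JSON)
    public Response testAuth() {
        // TODO
        // this is only a template for doing authentication in the near future
        String returnString = "";
        // check if authenticated (the scheme name is case-insensitive)
        String authorization = request.getHeader("Authorization");
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            // not authenticated
            returnString = "{\"testAuth\": \"need authentication\"}";
            return Response.status(401).entity(returnString).build();
        } else {
            String credentials = authorization.substring("Basic".length()).trim();
            byte[] decoded = DatatypeConverter.parseBase64Binary(credentials);
            String decodedString = new String(decoded, StandardCharsets.UTF_8);
            // split on the first ':' only, the password may contain ':'
            String[] actualCredentials = decodedString.split(":", 2);
            if (actualCredentials.length != 2) {
                returnString = "{\"testAuth\": \"need authentication\"}";
                return Response.status(401).entity(returnString).build();
            }
            String ID = actualCredentials[0];
            String Password = actualCredentials[1];
            // userAuthenticate(...) is defined elsewhere in the resource class
            String Result = userAuthenticate(ID, Password);
            returnString = "{\"testAuth\": \"" + " (" + Result + ") \"}";
            return Response.status(200).entity(returnString).build();
        }
    }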
0
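
Added example (not part of the answers above and not code from either application): a stand-alone check that an Authorization header carries the one credential pair issued to application B, rejecting malformed headers and comparing in constant time. The class name, `isApplicationB`, and the sample ID and password are assumptions constructed for illustration; Basic credentials are only Base64-encoded, so the call from B to A has to go over HTTPS.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Constructed sample credentials for application B (assumption);
    // a real deployment would load them from protected configuration.
    static final String EXPECTED_ID = "app-b";
    static final String EXPECTED_PASSWORD = "s3cr3t:with-colon";

    /** Returns true only if the header carries application B's credentials. */
    static boolean isApplicationB(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false; // header missing or a different scheme
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(authorization.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return false; // payload is not valid Base64
        }
        // Split on the first ':' only; the password itself may contain ':'.
        String[] parts = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (parts.length != 2) {
            return false; // no "id:password" pair
        }
        // Non-short-circuit '&' so both fields are always compared.
        return constantTimeEquals(parts[0], EXPECTED_ID)
             & constantTimeEquals(parts[1], EXPECTED_PASSWORD);
    }

    // MessageDigest.isEqual does not stop at the first differing byte.
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Builds the header value application B would send.
    static String header(String id, String password) {
        byte[] raw = (id + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed test headers: valid, wrong password, bad Base64, no colon, missing.
        System.out.println(isApplicationB(header(EXPECTED_ID, EXPECTED_PASSWORD)));
        System.out.println(isApplicationB(header(EXPECTED_ID, "guess")));
        System.out.println(isApplicationB("Basic !!!not-base64!!!"));
        System.out.println(isApplicationB("basic " + Base64.getEncoder().encodeToString("nocolon".getBytes(StandardCharsets.UTF_8))));
        System.out.println(isApplicationB(null));
    }
}
```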