Access Token and Acegi on a REST/JSON Webservice

  • Access Token and Acegi on a REST/JSON Webservice


    I've read the forums a bit and wanted to get some advice on the best approach -

    I'm trying to set up a REST/JSON web service using CXF and Acegi (yes, not Spring Security yet). The primary consumer of the webservice is a mobile device. The webservice must be able to authenticate a user on the very first call, and then assign a token that can be used to authenticate the user on subsequent requests. I'd like to confirm if -

    1) Acegi provides an access token solution out of the box, or,
    2) Will a filter need to be set up, before the Acegi filters are hit, so that it can accept a token from the request header, map it to a username/password and add these credentials to the SecurityContext?
    3) Should I use OAuth, which seems overkill since the webservice does not need to communicate with a Facebook or LinkedIn?
    4) Is Kerberos an option given my application is on a Unix box?
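
The token bookkeeping behind option 2 above, as an added example that is not part of the original post and does not use Acegi's own API. The class name `AccessTokenStore`, the 30-minute lifetime and the sample user are assumptions, and it needs only JDK 8 or later; the token is bound to the authenticated username rather than to a stored password, and only its SHA-256 digest is kept server-side.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
public class AccessTokenStore { // hypothetical name, not an Acegi or CXF class
    static final long TTL_MILLIS = 30 * 60 * 1000L; // assumed 30-minute token lifetime
    private static final class Entry {
        final String username; final long expiresAt;
        Entry(String username, long expiresAt) { this.username = username; this.expiresAt = expiresAt; }
    }
    private final SecureRandom random = new SecureRandom();
    // Keyed by SHA-256 of the token, so a copy of this map cannot be replayed as tokens.
    private final Map<String, Entry> byDigest = new ConcurrentHashMap<>();

    /** Call only after the credentials on the first request have been verified. */
    public String issue(String username, long now) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so the token is not guessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byDigest.put(digest(token), new Entry(username, now + TTL_MILLIS));
        return token;
    }

    /** Returns the username bound to a live token, or null if unknown or expired. */
    public String resolve(String token, long now) {
        if (token == null || token.isEmpty()) return null;
        String key = digest(token);
        Entry e = byDigest.get(key);
        if (e == null) return null;
        if (now >= e.expiresAt) { byDigest.remove(key); return null; }
        return e.username;
    }

    private static String digest(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (java.security.NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) {
        AccessTokenStore store = new AccessTokenStore();
        long t0 = System.currentTimeMillis();
        String token = store.issue("alice", t0); // "alice" is a constructed sample user
        System.out.println(store.resolve(token, t0 + 1000));        // token still live
        System.out.println(store.resolve(token, t0 + TTL_MILLIS));  // token past its lifetime
        System.out.println(store.resolve("forged-value", t0));      // token never issued
    }
}
```

A filter placed ahead of the Acegi filters would pass the request header value to `resolve` and populate the SecurityContext only when a username comes back.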


  • #2
    A small update -

    A team member investigated OAuth, and determined that a 2-legged authentication fits nicely, while securing access to a webservice API via access tokens.