A very simple way to enable BASIC Authentication to a REST resource using JAX-RS, it’s using the features offered by the Java EE platform (totally out-of-the-box).
One needs to setup a user on the application server that belongs to a Role. If you want to rely on the “other” Security domain (default) it’s enough to execute the add-user.sh /add-user.cmd script which is available in the JBOSS_HOME/bin folder.
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
Enter the details of the new user to add.
Using realm ‘ApplicationRealm’ as discovered from the existing property files.
Username : jboss
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: Manager
About to add user ‘jboss’ for realm ‘ApplicationRealm’
Is this correct yes/no? yes
We created the “jboss” user that belongs to the “Manager” group.
Done with the user, we will add to our REST Web service application the Security Constraints so that all of our services will be available only to the Manager user:
<security-constraint> <web-resource-collection> <web-resource-name>RESTAuth</web-resource-name> <description>Enabling Basic Authentication</description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Manager</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Roles</realm-name> </login-config> <security-role> <role-name>Manager</role-name> </security-role>
Finally, we will specify that the web application uses the “other” Security Domain in the jboss-web.xml file:
<jboss-web> <security-domain>java:/jaas/other</security-domain> </jboss-web>