Enabling BASIC Authentication to a REST Resource

A very simple way to enable BASIC Authentication to a REST resource using JAX-RS, it’s using the features offered by the Java EE platform (totally out-of-the-box).

One needs to setup a user on the application server that belongs to a Role. If you want to rely on the “other” Security domain (default) it’s enough to execute the add-user.sh /add-user.cmd script which is available in the JBOSS_HOME/bin folder.

What type of user do you wish to add?

a) Management User (mgmt-users.properties)

b) Application User (application-users.properties)

(a): b

Enter the details of the new user to add.

Using realm ‘ApplicationRealm’ as discovered from the existing property files.

Username : jboss

Password :

Re-enter Password :

What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: Manager

About to add user ‘jboss’ for realm ‘ApplicationRealm’

Is this correct yes/no? yes

We created the “jboss” user that belongs to the “Manager” group.

Done with the user, we will add to our REST Web service application the Security Constraints so that all of our services will be available only to the Manager user:

        <description>Enabling Basic Authentication</description>

Finally, we will specify that the web application uses the “other” Security Domain in the jboss-web.xml file:


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s