Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

17Aug/092

Securing REST Web Services With OAuth

It's been a while since the last OpenSSO article at Sun Developer Network (the excellent, three-part, Troubleshooting OpenSSO with Firefox Add-Ons), but Malla and Rick have come up trumps with Securing REST Web Services With OAuth.

The article recasts the tried and true 'stock quote sample' as a RESTful web service with access protected by OAuth via OpenSSO and Jersey (Sun's open source implementation of JAX-RS, aka JSR 311). This is technology that has hitherto only been demonstrated in a demo at JavaOne 2009, so it's great to see it being successfully applied here.

Go read the article and discover how OpenSSO, Jersey and OAuth combine to secure RESTful web services!

Filed under: OpenSSO Leave a comment
Comments (2) Trackbacks (0)
  1. Hi! Thank you for useful tips!
    May I ask one question?
    I have 1 Sun App Server with two applications that i want to protect with opensso and 1 opensso agent. I decide to create 2 subreams in OpenSSO server for applications user data. Is there the way to use different login pages for my applications?
    Thank you very much.
    BR, Maria

  2. Hi Maria – I think you could do this by customizing the login page. I’m not sure if you can have two login JSPs (one per realm), but you can certainly customize a single login JSP to do things like look at the realm parameter and show different UI accordingly.

    BTW – the best place for questions like this is the OpenSSO users list – to subscribe:

    1. Go to https://www.dev.java.net/servlets/Join and register for a java.net account.
    2. Go to https://opensso.dev.java.net/servlets/ProjectMembershipRequest and request ‘Observer’ role on OpenSSO.
    3. Go to https://opensso.dev.java.net/servlets/ProjectMailingListList and subscribe to ‘users@opensso.dev.java.net’.


Leave a comment

No trackbacks yet.