Jersey REST server security and Android client security

Date: 2022-08-08 19:35:20

I know that this may be a duplicate question, but I could not find any answer that satisfies my need. If anyone can link me to that URL or can help me with a guideline, it would be very nice.

We have a legacy JSP web application and now we are trying to have an Android version of it. I have developed a Jersey REST service to get data from the server to my Android application. Now I need to implement the security of this server and Android client. My app will be installed on clients' mobiles (not in an app market) and it can contain critical information.

My questions are:

1) What is the most convenient, easy but powerful way to put authentication and authorization on my Jersey REST provider? Currently my service is on Jetty, but later in production it will be on WebSphere. My database can be either SQL Server or Oracle.

2) Making my REST server secure in such a way that my Android client's security is good, and now to implement the Android security. Sample code is not required, but a guideline is helpful for me.

I have read about Spring Security, Shiro, OAuth and others but did not find a full explanation of how to secure a Jersey web service. There are some on OAuth, but it seems an overhead to me. Token-based and SSL seem a good idea too.

If someone can guide me to a step-by-step to-do, it would really be helpful for me.

Thanks.

1 answer

#1


0  

You can start with the Jersey https clientserver sample:

http://search.maven.org/#artifactdetails|com.sun.jersey.samples|https-clientserver-grizzly|1.15|jar

There are "protected" resources and clients using its certificates to access them. The only issue you might have is running this app on WebSphere (it might require some additional filter which would extract credentials from the request), but it shouldn't be very hard to solve.
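A sketch of the kind of "additional filter" the answer mentions, added here as an example; it is not code from the answer or from the Jersey sample. It assumes the credentials are HTTP Basic sent over HTTPS, the javax.servlet API on Java 8, and a hypothetical class name `BasicAuthOverTlsFilter` with a hypothetical `verify` hook that you back with your own user store.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: container-neutral filter, mapped in web.xml in front of the Jersey servlet. */
public abstract class BasicAuthOverTlsFilter implements Filter {
    /** Hypothetical hook: check the pair against your user store (salted hashes, not plaintext). */
    protected abstract boolean verify(String user, char[] password);

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (!req.isSecure()) {                       // never accept credentials over plain HTTP
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        final String user = authenticate(req.getHeader("Authorization"));
        if (user == null) {                          // missing, malformed or wrong credentials
            res.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Expose the caller to downstream code through the standard servlet accessors.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return user; }
            @Override public Principal getUserPrincipal() { return () -> user; }
        }, res);
    }

    /** Returns the user name for a valid "Basic base64(user:password)" header, else null. */
    String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            return null;                             // not valid base64
        }
        int colon = decoded.indexOf(':');            // split on the first ':'; password may contain more
        if (colon <= 0) return null;                 // no separator or empty user name
        String user = decoded.substring(0, colon);
        return verify(user, decoded.substring(colon + 1).toCharArray()) ? user : null;
    }
}
```

Because it depends only on the servlet API, the same class can be registered on Jetty and on WebSphere without change.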
