Call REST service while impersonating a user that is already authorized to the glasfish server

Posted by user1894489 on Stack Overflow See other posts from Stack Overflow or by user1894489
Published on 2012-12-12T23:02:14Z Indexed on 2012/12/12 23:03 UTC
Read the original article Hit count: 215

Filed under:

rest

|

authentication

|

glassfish

|

client

|

impersonation

There are two web-applications deployed on a glassfish server.
Both web applications provide a REST web service.
the access to both web-services is secured via glassfish security constraints (at the moment BASIC Auth and file-realm).

Let's say a user is accessing the service of web application A. After he is authorized, service A wants to call service B via REST client.

Is there a way for a service to impersonate a user that is already authorized to the glasfish server? Maybe something like forwarding the security context or editing the headers? Is there another Filter?

@Context
private SecurityContext securityContext;

username = securityContext.getUserPrincipal().getName();
password = ???    

client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password));

Thanks!

© Stack Overflow or respective owner

Related posts about rest

REST: How to store and reuse REST call queries

as seen on Programmers - Search for 'Programmers'
I'm learning C# by programming a real monstrosity of an application for personal use. Part of my application uses several SPARQL queries like so: const string ArtistByRdfsLabel = @" PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> SELECT… >>> More
REST Framework - MS Web Api vs the rest of the field

as seen on Programmers - Search for 'Programmers'
I am a .NET developer who is looking into the OSS world for a REST framework similar to Microsoft's Web Api. I'll be starting a personal project soon and need to develop both a web site and an API with the API coming first. I've ruled out Ruby on Rails just because I feel that with my background… >>> More
Self Hosted WCF REST Service or Hosting WCF REST Service in Console Application

as seen on C# Corner - Search for 'C# Corner'
n this article, I will show you How to create a REST based service, How to host a REST,based service in Console application and How to consume a REST Service at client. >>> More
Trouble determining proper decoding of a REST response from an ArcGIS REST service using IHttpModule

as seen on Stack Overflow - Search for 'Stack Overflow'
First a little background on what I am trying to achieve. I have an application that is utilizing REST services served by ArcGIS Server and IIS7. The REST services return data in one of several different formats. I am requesting a JSON response. I want to be able to modify the response (remove… >>> More
WCF REST on .Net 4.0

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
A simple and straight forward article taken from: http://christopherdeweese.com/blog2/post/drop-the-soap-wcf-rest-and-pretty-uris-in-net-4 Drop the Soap: WCF, REST, and Pretty URIs in .NET 4 Years ago I was working in libraries when the Web 2.0 revolution began. One of the things that caught… >>> More

Related posts about authentication

Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
windows authentication vs sql server authentication for asp.net forms authentication site

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due… >>> More
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? >>> More
AutoCompleteExtender - authentication failure (forms authentication)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract()… >>> More
Ruby on Rails , functionalities having twitter authentication and email authentication (autlogic and

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Experts, I would like to ask your guidance on how to authenticate using email add/ the basic log-in while having also a twitter log-in, twitter authentication works fine but if having an alternative log-in like using basic sign-up and email log-in part wont work.... any ideas please...? >>> More