Secure RESTful Services with Maven, Spring, Jersey and Spring Security

This post adds security to my previous RESTful services example code. The changes are quite simple and I will only highlight them here. As usual the full Maven project and a Java client test class is available for you to explore.

The idea here is to add HTTP basic authentication to the restful services and also lock down who can access which methods (authz). First here is the change to the web.xml. We add the Spring Security filter here.

Next here is the Spring application context file. Here the change is to enable Spring Security, define some dummy userids, enable http basic authentication and finally describe the URL patterns to which to apply security.

Run mvn package jetty:run and you can access one of the URLs below. Ensure to provide the right password for json and xml URI’s.

Your browser will request a userid/password where required – as per the above intercept-url’s. The Java client has a slight modification to allow the client to pass in the login credentials.

Click here to download┬áthe full maven project OR download the project from GitHub – https://github.com/thomasma/jaxrs-jersey-springsec.