System News
Using OAuth to Cover Security Issues for a REST Application
Authors Use Stock Quote as Example
September 18, 2009
Volume 139, Issue 3

Understanding web services based on REST architecture
 

The Sun Developer Network paper "Securing REST Web Services with OAuth" by Malla Simachalam and Rick Palkovic explores an example Representational State Transfer (REST) application that uses the open-source protocol OAuth to address security issues.

The use of OAuth with Java technology requires several components, which the authors detail in a graphic illustration of the architecture of a REST-based web service consumer and provider deployment.

The example described in the paper is a simple Stock Quote application built using JAX-RS (JSR 311). The compressed example file restsample.zip contains the JAR files required to compile, build, and deploy it. The example uses the JSR 311 API and the implementation from Project Jersey. The authors include details on downloading and installing the application.

After download and installation, the authors cover the deployment and configuration of the OAuth token service. Currently, the OAuth Token Service uses Java DB (Derby) and requires several configuration steps before it is ready to run. The paper lists all of these steps, along with the sample code each one calls for.

The authors then cover building, deploying, and running the example application, with screenshots to illustrate each process.

Finally, again with code samples, the authors detail the HTTP protocol sequence data for the example application.

In conclusion, the paper notes that the OAuth protocol enables a service consumer to access protected resources from a web service provider through an API. The API gives service consumers access to services without requiring that users disclose their service provider credentials.

More Information

GlassFish Community

GlassFish Downloads

OpenSSO

OpenSSO Downloads

GlassFish Jersey

OAuth
