How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?

Paul Spencer Tue, 23 Jan 2024 11:06:37 -0800

Karaf 4.4.5

How do I protect a OSGi JAX-RS whiteboard REST service using Basic 
Authentication?


Using the default "karaf" realm, this should fail with a HTTP Response code 401 
- Unauthorized
  curl --user foo:bar http://localhost:8080/myRestApi/messageLog/

Using the default "karaf" realm, this should succeed with a HTTP Response code 
200 - OK
  curl --user karaf:karaf http://localhost:8080/myRestApi/messageLog/


***
* Example Protected REST api call /messageLog/
***
@DeclareRoles("ADMIN")
@DenyAll
@Path("/messageLog")
@Component(service = MessageLog.class)
@JaxrsResource
@JaxrsApplicationSelect("(osgi.jaxrs.name=myRestApi)")
public class MessageLog {

    @RolesAllowed("ADMIN")
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Path("/")
    public Response getMessageLog() {
        // Only users with the Role "ADMIN" can execute method.
        ...
        }
}

Paul Spencer

How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?

Reply via email to