Monday Aug 17, 2009

Securing REST Web Services With OAuth

It's been a while since the last OpenSSO article at Sun Developer Network (the excellent, three-part, Troubleshooting OpenSSO with Firefox Add-Ons), but Malla and Rick have come up trumps with Securing REST Web Services With OAuth.

The article recasts the tried and true 'stock quote sample' as a RESTful web service with access protected by OAuth via OpenSSO and Jersey (Sun's open source implementation of JAX-RS, aka JSR 311). This is technology that has hitherto only been demonstrated in a demo at JavaOne 2009, so it's great to see it being successfully applied here.

Go read the article and discover how OpenSSO, Jersey and OAuth combine to secure RESTful web services!

Tuesday Aug 04, 2009

links for 2009-08-04

Friday Jul 17, 2009

links for 2009-07-17

Tuesday Jun 09, 2009

Back after JavaOne 2009

Wow - is it really over a month since my last blog entry? I guess that's what happens when you get your head down into a project - in this case, building a demo for CommunityOne West and JavaOne 2009 to show off the latest OpenSSO features.

The demo brought together a number of existing Java technologies - the Java Persistence API (JPA), the Jersey implementation of JAX-RS (aka JSR 311) on both the client and server, and JavaFX - with some new aspects of OpenSSO - fine-grained authorization (aka entitlements), OAuth protocol support, and a JDBC data store. Briefly, the demo centered on a cellphone account management system delivered as a JavaFX rich Internet application (RIA) client and a (more or less) RESTful web service back-end, communication between them secured by OAuth.

I'll be uploading source code for the demo client and server apps to the OpenSSO project in the next few days, as well as documenting how to bring up the demo environment. Watch this space for updates!

Tuesday Sep 11, 2007

links for 2007-09-11

  • The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring the User to disclose their Service Provider credentials to the Consumer. An example use case
About

superpat

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today