Using OSGi JAX RS Connector Security with Spring

This HowTo was written by @thilker. Please contact him if you have any questions.

1. Get the security bundle from here: http://maven-repository.com/artifact/com.eclipsesource.jaxrs/provider-security.
2. Install the bundle (Depends on your IDE, Server, OS, etc. how to do it)
3. Create a new class implementing the interfaces “AuthenticationHandler” and “AuthorizationHandler“
4. Annotate the new class with “org.springframework.stereotype.Service”. Make sure to set the base package to be scanned in your Spring-Config

   <context:component-scan base-package="your.base.package" />
   

5. Annotate your REST-Service as descripted here https://github.com/hstaudacher/osgi-jax-rs-connector/wiki/security.

   @RolesAllowed( "secure" )
   

6. Some additional packages have to be declared in the manifest. For example javax.ws.rs.container and javax.annotation.security. At least you will see what is missing when you start the app.
7. Declare the Springbean (the Handler) as OSGi-Services in your Spring-OSGi-Config:

   <osgi:service ref="securityHandler" interface="com.eclipsesource.jaxrs.provider.security.AuthenticationHandler" />
   
   <osgi:service ref="securityHandler" interface="com.eclipsesource.jaxrs.provider.security.AuthorizationHandler" />
   

Keep in mind, that the “ref”-name is the name of the bean. My class’s name is “SecurityHandler”, so the “@Service”-annotation causes the bean name to be “securityHandler”.

1. Start the application.
2. Test the REST-service but keep in mind to set a HTTP-Header with the attribute you have choosen in public Principal authenticate(ContainerRequestContext requestContext) for the user. Normally it is “user”.
3. For being able to set HTTP-Headers I would recommend “GraphicalHttpClient (OSX)”. But there are many more (fiddler, etc.).