I have written a REST web service with Jersey Server (that totally rocks !). I am now developing the client part of it, with Jersey Client as well.
On the server side, I have chosen a DIGEST authentication, because I personally think that BASIC authentication is an heresy that should be marked as "DEPRECATED" in our heads.
Unfortunately, I do not see any support of the Digest authentication on the client side. For BASIC authentication, one does something like :
client.addFilter(
new HTTPBasicAuthFilter(
user,
password));
But I see no "HTTPDigestAuthFilter" counterpart. Am I missing something ?
Thanks for your help,
Raphael
Digest authentication is another authentication type specified in HTTP 1.1. Unlike basic authentication, digest authentication does not require the password to be transmitted. Rather, the client takes the username and password and uses the MD5 hashing algorithm to create a hash, which is then sent to the SQL Server.
This limitation was addressed in the RFC 2617, which defined two authentication schemes for HTTP: Basic Access Authentication and Digest Access Authentication. Unlike Basic authentication, the Digest authentication is based on cryptographic hashes and never sends user credentials over the wire in cleartext.
The HTTP Digest Authentication filter enables you to specify where API Gateway can find user profiles for authentication purposes. API Gateway can look up user profiles in the API Gateway's local repository. For more information on adding users to the local repository, see Manage API Gateway users.
I have just implemented it. I have created a feature request in the Jersey issue tracker, and posted my implementation there, as attachment : https://jersey.dev.java.net/issues/show_bug.cgi?id=542
It works fine for communicating with a DIGEST authentication of a Tomcat server. I have not tested for other web servers yet.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With