RESTful Java with JAX-RS 2.0 (Second Edition)
Introduction
1. Introduction to REST
- 1.1. REST and the Rebirth of HTTP
- 1.2. RESTful Architectural Principles
- 1.3. Wrapping Up
2. Designing RESTful Services
- 2.1. The Object Model
- 2.2. Model the URIs
- 2.3. Defining the Data Format
- 2.4. Assigning HTTP Methods
- 2.5. Wrapping Up
3. Your First JAX-RS Service
- 3.1. Developing a JAX-RS RESTful Service
- 3.2. Deploying Our Service
- 3.3. Writing a Client
- 3.4. Wrapping Up
4. HTTP Method and URI Matching
- 4.1. Binding HTTP Methods
- 4.2. @Path
- 4.3. Subresource Locators
- 4.4. Gotchas in Request Matching
- 4.5. Wrapping Up
5. JAX-RS Injection
- 5.1. The Basics
- 5.2. @PathParam
- 5.3. @MatrixParam
- 5.4. @QueryParam
- 5.5. @FormParam
- 5.6. @HeaderParam
- 5.7. @CookieParam
- 5.8. @BeanParam
- 5.9. Common Functionality
- 5.10. Wrapping Up
6. JAX-RS Content Handlers
- 6.1. Built-in Content Marshalling
- 6.2. JAXB
- 6.3. Custom Marshalling
- 6.4. Wrapping Up
7. Server Responses and Exception Handling
- 7.1. Default Response Codes
- 7.2. Complex Responses
- 7.3. Exception Handling
- 7.4. Wrapping Up
8. JAX-RS Client API
- 8.1. Client Introduction
- 8.2. Bootstrapping with ClientBuilder
- 8.3. Client and WebTarget
- 8.4. Building and Invoking Requests
- 8.5. Configuration Scopes
- 8.6. Wrapping Up
9. HTTP Content Negotiation
- 9.1. Conneg Explained
- 9.2. Language Negotiation
- 9.3. Encoding Negotiation
- 9.4. JAX-RS and Conneg
- 9.5. Leveraging Content Negotiation
- 9.6. Wrapping Up
10. HATEOAS
- 10.1. HATEOAS and Web Services
- 10.2. HATEOAS and JAX-RS
- 10.3. Building Links and Link Headers
- 10.4. Wrapping Up
11. Scaling JAX-RS Applications
- 11.1. Caching
- 11.2. Concurrency
- 11.3. Wrapping Up
12. Filters and Interceptors
- 12.1. Server-Side Filters
- 12.2. Reader and Writer Interceptors
- 12.3. Client-Side Filters
- 12.4. Deploying Filters and Interceptors
- 12.5. Ordering Filters and Interceptors
- 12.6. Per-JAX-RS Method Bindings
- 12.7. Exception Processing
- 12.8. Wrapping Up
13. Asynchronous JAX-RS
- 13.1. AsyncInvoker Client API
- 13.2. Server Asynchronous Response Processing
- 13.3. Wrapping Up
14. Deployment and Integration
- 14.1. Deployment
- 14.2. Configuration
- 14.3. EJB Integration
- 14.4. Spring Integration
- 14.5. Wrapping Up
15. Securing JAX-RS
- 15.1. Authentication
- 15.2. Authorization
- 15.3. Authentication and Authorization in JAX-RS
- 15.4. Programmatic Security
- 15.5. Client Security
- 15.6. OAuth 2.0
- 15.7. Signing and Encrypting Message Bodies
- 15.8. Wrapping Up
16. Alternative Java Clients
- 16.1. java.net.URL
- 16.2. Apache HttpClient
- 16.3. RESTEasy Client Proxies
- 16.4. Wrapping Up
17. Workbook Introduction
- 17.1. Installing RESTEasy and the Examples
- 17.2. Example Requirements and Structure
18. Examples for Chapter 3
- 18.1. Build and Run the Example Program
- 18.2. Examining the Source Code
19. Examples for Chapter 4
- 19.1. Example ex04_1: HTTP Method Extension
- 19.2. Example ex04_2: @Path with Expressions
- 19.3. Example ex04_3: Subresource Locators
20. Examples for Chapter 5
- 20.1. Example ex05_1: Injecting URI Information
- 20.2. Example ex05_2: Forms and Cookies
21. Examples for Chapter 6
- 21.1. Example ex06_1: Using JAXB
- 21.2. Example ex06_2: Creating a Content Handler
22. Examples for Chapter 7
- 22.1. Example ex07_1: ExceptionMapper
23. Examples for Chapter 9
- 23.1. Example ex09_1: Conneg with JAX-RS
- 23.2. Example ex09_2: Conneg via URL Patterns
24. Examples for Chapter 10
- 24.1. Example ex10_1: Atom Links
- 24.2. Example ex10_2: Link Headers
25. Examples for Chapter 11
- 25.1. Example ex11_1: Caching and Concurrent Updates
26. Examples for Chapter 12
- 26.1. Example ex12_1 : ContainerResponseFilter and DynamicFeature
- 26.2. Example ex12_2: Implementing a WriterInterceptor
27. Examples for Chapter 13
- 27.1. Example ex13_1: Chat REST Interface
28. Examples for Chapter 14
- 28.1. Example ex14_1: EJB and JAX-RS
- 28.2. Example ex14_2: Spring and JAX-RS
29. Examples for Chapter 15
- 29.1. Example ex15_1: Custom Security
- 29.2. Example ex15_2: JSON Web Encryption
30. Workbook
- 30.1. ex03_1:Your first JAX_RS Client and Server
- 30.2. ex04_1:Custom HTTP Method Annotations
- 30.3. ex04_2:@Path expressions
- 30.4. ex04_3:Locators and Subresources
- 30.5. ex05_1:Injection Annotations (1)
- 30.6. ex05_2:Injection Annotations (2)
- 30.7. ex06_1:JAX-RS and JAXB
- 30.8. ex06_2:MessageBodyReader/Writer
- 30.9. ex07_1:Exception Mappers
- 30.10. ex09_1:Content Negotiation
- 30.11. ex09_2:HTTP Content Negotiation
- 30.12. ex10_1:Linking and UriBuilder
- 30.13. ex10_2:Link Headers and UriBuilder
- 30.14. ex11_1:CacheControl and Other things
- 30.15. ex12_1:Response Filter with DynamicFeature
- 30.16. ex12_2:WriterInterceptor
- 30.17. ex13_1:Customer Chat
- 30.18. ex14_1:JAX-RS and EJB
- 30.19. ex14_2:Spring and JAX-RS
- 30.20. ex15_1:@NameBinding and SecurityContext
- 30.21. ex15_2:JSON Web Encryption with Customer Chat

RESTful Java with JAX-RS 2.0 (Second Edition)

Authorization

While authentication is about establishing and verifying user identity, authorization is about permissions. Is my user allowed to perform the operation it is invoking? None of the standards-based Internet authorization protocols discussed so far deals with authorization. The server and application know the permissions for each user and do not need to share this information over a communication protocol. This is why authorization is the domain of the server and application.

JAX-RS relies on the servlet and Java EE specifications to define how authorization works. Authorization is performed in Java EE by associating one or more roles with a given user and then assigning permissions based on that role. While an example of a user might be “Bill” or “Monica,” roles are used to identify a group of users—for instance, “adminstrator,” “manager,” or “employee.” You do not assign access control on a per-user basis, but rather on a per-role basis.

RESTfu­­l Jav­a­ wit­h ­JAX­-­­RS 2.­0­ (Second Edition)

Authorization

RESTful Java with JAX-RS 2.0 (Second Edition)