@AdamBien
Last active December 10, 2015 20:52
21stAirhacksQ&A.md
@blacksmithbrew

Hello Adam,

I'd like to pick up a question I had at the previous airhacks regarding authentication in REST services. I think my question was a bit unclear, sorry - so I'll try again.

  • assume a REST service with some business methods
  • additionally the REST app provides a login method and accesses a user store (LDAP)
  • consumers of the REST app can be different (an Angular SPA, an Android app etc.)
  • for using the REST service business methods the clients have to authenticate with users from the user store in LDAP
  • on the one hand we don't want to authenticate against LDAP for EVERY business method call of the REST service but on the other hand we need some trusted method for the REST service calls

So we somehow need session management or a ticket mechanism ...

What would you recommend in that case? Just a map with authentication tokens + REST filter, OAuth ... ?!

Many thanks in advance,
Markus

@oluwasayo

Hi Adam,

I am maintaining a multi-tenant enterprise application in which special metadata on requests (headers, params) identify specific tenants. Each tenant has custom configurations in the system that override some defaults. The configurations come from a cache-augmented database fronted by an EJB. To successfully look up one such custom configuration, a key and a tenant identifier are needed. If the tenant identifier is not present, the key alone is used to retrieve the default for the key's entry.

From the remote interfaces that receive these requests (servlets, web services, etc.) I want to retrieve such identifiers and set up contexts (e.g. put properties in EJBContext) with them such that producer methods can leverage them to set up appropriate beans to service each tenant's clients. I would also ideally want to favor CDI over EJBs for this case as much as reasonable.

I was thinking along the lines of the following strategy but I got stuck.

  1. Create a @Config qualifier so that the CDI container resolves to the configuration producer.
  2. Create a @Key(String) configuration annotation through which the lookup key of the desired configuration entry can be obtained.
  3. Create a Producer method which takes an InjectionPoint as a parameter. The InjectionPoint allows obtaining the @Key annotation, the declared type of the field being targeted and the class in which this injected field is declared (enclosing class). A sweet scenario would be if InjectionPoint allowed me to obtain an instance of the enclosing class. But thinking of it, this doesn't make sense as the instance wouldn't be ready yet until all its dependencies have been created/located and injected.

Is this a case CDI is not meant for? How could this best be implemented?

@windgaucho

Hello Adam, thanks for your videos!!

My question is how to create a Single Sign On for all of my web systems in Java EE?
Are you in favor of creating a new one from scratch or of reusing something that is already built in Java?

Thank you very much !!!!

@windgaucho

I already took the Java EE 7 essentials Vimeo course; thanks for this course, it was great for me, because I am learning Java EE!! (I already know JSF).
Do you plan to create a JavaScript + Java course? I need to connect a Java EE REST service using react.js or angular.js.
What do you think about that? What are the best practices to follow to connect both of them?
Can you point me to an example?

Thank you very much!!!!
