StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow do I secure a Java REST service using Drupal?
primarykey
Id
9934572
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-03-29T22:36:20.447
FavoriteCount
0
LastActivityDate
2012-04-03T18:52:06.147
LastEditDate
2012-04-03T16:05:38.817
LastEditorUserId
1180316
OwnerUserId
1180316
ParentId
0
PostTypeId
1
Score
1
ViewCount
697
LastEditorDisplayName
text
Body
I am creating a web application that uses the Drupal 7 Content Management System. The web pages heavily use JQuery and AJAX. The AJAX calls hit REST services, which are actually implemented using JAVA. Apache is running Drupal 7 and is configured to pass any calls to the REST urls through to the Java EE server (Jboss AS7). Everything is over SSL. I need to Authorise and Authenticate calls to the REST services, and access the username or ID of the person currently logged-in to Drupal from the Java app. The question is... how... As the AJAX calls are made to the same Apache server (rather than to a separate server etc), everything happens within the same http session, so I'm hoping this will be quite easy. Things I've thought-of: <ul> <li>Configure a java security interceptor that calls a custom (locally accessed only) drupal service that somehow reads the session id and returns the logged-in username</li> <li>create a "dumb" drupal REST service to act as a gateway for all of my REST calls, which authorises/ authenticates then injects the username before passing-through to the Java backend service</li> <li>The article at <a href="https://lists.wisc.edu/read/messages?id=7777296#7777296" rel="nofollow">https://lists.wisc.edu/read/messages?id=7777296#7777296</a> made me wonder if I could get-away with calling a Drupal service (just at the start of each Java service session) that takes a Drupal sessionID and returns the current user and his roles. I could configure it in my Java service so it would reperform this call every x seconds or y calls to check for role changes or logouts.</li> </ul> How does everyone else do it? This must be a common problem to solve isn't it? If not, what do you do instead to securely access authenticated services over AJAX? I'd rather not introduce a second user control process in addition to Drupal unless it's unavoidable. DRY :) Thank you - this has me stumped!
Tags
<security><drupal><authentication><rest><java-ee>
Title
How do I secure a Java REST service using Drupal?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USuser1180316
UserOwnerUserId
1. USuser1180316
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHow do I secure a Java REST service using Drupal?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.