Jersey Client API - authentication

Asked 21/7, 2011 at 10:16 Answered 31/5, 2017 at 10:15

I'm using the Jersey client API to submit SOAP requests to a JAX-WS webservice. By default Jersey is somehow using my Windows Nt credentials for authentication when challenged. Can anyone explain where Jersey does this in the code? And can it be overriden?

I have tried using HTTPBasicAuthFilter and adding as a filter on the Client. I have also tried adding my credentials to the WebResoruce queryParams field however neither are being picked up.

Steersman answered 21/7, 2011 at 10:16 Comment(0)

At first I got this working as documented in the Jersey User guide

Authenticator.setDefault (authinstance);

However I did not like this as it relied on setting a global authenticator. After some research I discovered that Jersey has a HTTPBasicAuthFilter which is even easier to use.

Client c = Client.create();
c.addFilter(new HTTPBasicAuthFilter(user, password));

See: https://jersey.github.io/nonav/apidocs/1.10/jersey/com/sun/jersey/api/client/filter/HTTPBasicAuthFilter.html https://jersey.github.io/nonav/apidocs/1.10/jersey/com/sun/jersey/api/client/filter/Filterable.html#addFilter(com.sun.jersey.api.client.filter.ClientFilter)

Gemmule answered 9/12, 2011 at 8:10 Comment(3)

This was exactly what I was looking for. I added this to our client and used Spring Security on the server piece. Worked very elegantly to add security to the application. – Marius 26/10, 2012 at 22:54

See answer below for Jersey 2.x – Troyes 23/3, 2015 at 17:16

I did this: HTTPBasicAuthFilter feature = new HTTPBasicAuthFilter(restUsername,restPassword); client.addFilter(feature); but for some unknown reason i keep getting feature as null. Why would it happen,any idea? – Illusive 7/8, 2015 at 11:14

Jersey 2.x:

HttpAuthenticationFeature feature = HttpAuthenticationFeature.basicBuilder()
    .nonPreemptive()
    .credentials("user", "password")
    .build();

ClientConfig clientConfig = new ClientConfig();
clientConfig.register(feature) ;

Client client = ClientBuilder.newClient(clientConfig);

Reference: 5.9.1. Http Authentication Support

Stertor answered 15/1, 2015 at 9:21 Comment(3)

or: Response response = client.target("localhost:8080/rest/homer/contact").request() .property(HTTP_AUTHENTICATION_BASIC_USERNAME, "homer") .property(HTTP_AUTHENTICATION_BASIC_PASSWORD, "p1swd745").get(); – Troyes 23/3, 2015 at 17:16

I did the same!! But still no authentication is working!. – Rockaway 27/7, 2020 at 13:54

This does not work for me and I still get 403 responses. I am not using HTTPS as I don't have a certificate and am trying to test this locally. Does this basic auth HAVE TO use HTTPS? Is there a way to force it to work over plain HTTP? I don't care that it's not SSL. – Hoggish 19/6, 2021 at 17:19

There's a small section in the Jersey User guide about Client authentication. I'd recommend you follow its advice and try using Apache HTTP Client instead of HttpURLConnection, as it has much better support for just about anything you'd want to do.

Bowline answered 21/7, 2011 at 14:51 Comment(0)

Adding this answer as I keep finding answers for older versions of Jersey that are no longer relevant in 2.x.

For Jersey 2 there are several ways. Take a look at:

JavaDoc for org.glassfish.jersey.client.authentication.HttpAuthenticationFeature

Here is the one that is working for me (simplest basic auth IMHO).

    ClientConfig config = new ClientConfig();

    HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("username", "password");

    Client client = ClientBuilder.newClient(config);
    client.register(feature);

    WebTarget webTarget = client.target("http://api.asite.com/api").path("v1/reports/list");
    Invocation.Builder invocationBuilder =  webTarget.request(MediaType.TEXT_PLAIN_TYPE);

    Response response = invocationBuilder.get();

    System.out.println( response.getStatus() );
    System.out.println( response.readEntity(String.class) );

Homebody answered 26/7, 2016 at 22:49 Comment(1)

This was useful for me. Thanks. – Idiomorphic 26/10, 2021 at 11:55

If you are testing a Dropwizard application (maybe it suits any REST service), you can use this as an example: https://github.com/dropwizard/dropwizard/blob/v0.8.1/dropwizard-auth/src/test/java/io/dropwizard/auth/basic/BasicAuthProviderTest.java

Gunfight answered 7/5, 2015 at 18:40 Comment(0)

Please find following working code without SSL

I am using put request , if need post/get just change it.

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.javacodegeeks.enterprise.rest.jersey</groupId>
    <artifactId>JerseyJSONExample</artifactId>
    <version>0.0.1-SNAPSHOT</version>

    <repositories>
        <repository>
            <id>maven2-repository.java.net</id>
            <name>Java.net Repository for Maven</name>
            <url>http://download.java.net/maven/2/</url>
            <layout>default</layout>
        </repository>
    </repositories>

    <dependencies>

        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-server</artifactId>
            <version>1.9</version>
        </dependency>

        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-client</artifactId>
            <version>1.9</version>
        </dependency>

        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-json</artifactId>
            <version>1.9</version>
        </dependency>

    </dependencies>

</project>

Java Class

package com.rest.jersey.jerseyclient;

import com.rest.jersey.dto.Employee;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.ClientConfig;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.api.client.filter.LoggingFilter;
import com.sun.jersey.api.json.JSONConfiguration;

public class JerseyClient {

    public static void main(String[] args) {
        try {

            String username = "username";
            String password = "p@ssword";


            //{"userId":"12345","name ":"Viquar","surname":"Khan","email":"[email protected]"}





            Employee employee = new Employee("Viquar", "Khan", "[email protected]");


            ClientConfig clientConfig = new DefaultClientConfig();

            clientConfig.getFeatures().put( JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);

            Client client = Client.create(clientConfig);
            //


                final HTTPBasicAuthFilter authFilter = new HTTPBasicAuthFilter(username, password);
                client.addFilter(authFilter);
                client.addFilter(new LoggingFilter());

            //
            WebResource webResource = client
                    .resource("http://localhost:7001/VaquarKhanWeb/employee/api/v1/informations");

              ClientResponse response = webResource.accept("application/json")
                .type("application/json").put(ClientResponse.class, employee);


            if (response.getStatus() != 200) {
                throw new RuntimeException("Failed : HTTP error code : "
                        + response.getStatus());
            }

            String output = response.getEntity(String.class);

            System.out.println("Server response .... \n");
            System.out.println(output);

        } catch (Exception e) {

            e.printStackTrace();

        }

    }

}

POJO

package com.rest.jersey.dto;

public class Employee {

    private String name;
    private String surname;
    private String email;
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getSurname() {
        return surname;
    }
    public void setSurname(String surname) {
        this.surname = surname;
    }
    public String getEmail() {
        return email;
    }
    public void setEmail(String email) {
        this.email = email;
    }
    @Override
    public String toString() {
        return "Employee [name=" + name + ", surname=" + surname + ", email=" + email + "]";
    }
    public Employee(String name, String surname, String email) {
        super();
        this.name = name;
        this.surname = surname;
        this.email = email;
    }

}

Godspeed answered 3/11, 2015 at 13:38 Comment(0)

Yes for jersey 2.x you can do this to authenticate each request with basic auth (preemptive mode):

 client.register(HttpAuthenticationFeature.basic(userName, password));
 // rest invocation code ..

Taiwan answered 31/5, 2017 at 10:15 Comment(0)

Recommended topics

Hot tags