1 Reply Latest reply: Mar 16, 2012 11:38 AM by Jay Balunas RSS

Security on mobile

Bruno Oliveira Newbie

Hi my friends!  I was wondering about to create a security layer on top of resteasy to deal with authentication at first glance.

 

Currently resteasy has a security module (https://github.com/resteasy/Resteasy/tree/master/jaxrs/security) that supports oauth specification 1.0a (http://docs.jboss.org/resteasy/docs/2.3.1.GA/userguide/html/Authentication.html#d0e2697), that could be used as quick start.

 

The API is considered experimental by resteasy team. I would to suggest 2 alternatives:

 

A

 

  1. Start with resteasy-oauth and make it ready for production sending patches to the resteasy team.
  2. Start oauth2 implementation (http://tools.ietf.org/html/draft-ietf-oauth-v2-25) on top of resteasy

 

B

 

  1. Start with JAX-RS from scratch to not be so tight with resteasy (because we'll have specific needs on mobile that couldn't fit in resteasy-oauth plans)
  2. Prioritize which specification must be implemented 1.0b or oauth-v2-25 (or both)

 

What do you think?

  • 1. Re: Security on mobile
    Jay Balunas Master

    I think I'd like to get your thoughts on the end goal, and user facing functionality.  What do you envision the end result to be?  How will developers use it?  Please include client side interactions as well.

     

    Ideally, as a use-case.  I'd like to have a demo similar to what I posted about AeroGear-7 New more advanced example called Denizen added to aerogear git where we can add in this security work to enable secure services, and pages. 

     

    I'd like the ability to have the application define its own users, and groups, and tie that in with the OAuth ideas above.  Basically this would be a self contained user/group CRUD demo that would be a perfect platform to show the security features.