Security as a service for REST services

0
votes

I am implementing RESTful web services using NetBeans (JAX-RS) and Glassfish server to expose database resources.

I want to implement varying levels of security depending upon the users requirement (maybe choice provided to user). From various discussions regarding REST security, I understand there are different ways (given below) in which security can be implemented. How can I implement a security solution as a service which will be invoked depending upon the context.

TLS (HTTPS) + 1. HTTP Basic 2. HTTP Digest 3. two-legged OAuth 4. a Cookie-based approach 5. client certificates 6. Signed requests using HMAC and a limited lifetime

Thanks in advance

1
web-servicesrest

1 Answers

0
votes

You can try to implement security by using Policies at Runtime.
Policy gives the flexibility to implement different security scenario (userauth, oauth,saml etc) depending upon the context.
We implemented the same in web service using Apache CXF and WS-SecurityPolicy.
For rest service I think similar concept can be used.