I have 2 RESTful services realized in JAX-RS (Jersey): "A" and "B". They are deployed on a separate application servers. "A" and "B" are both of mine.
- Client connect and login at "A" servi开发者_如何学运维ce;
- Client ask "A" for resource, for example: https://blabla1/services/myresources;
- For retrieve resource "myresources" service "A" should ask (not redirect) service "B" for another resource, for example: https://blabla2/services/anotherresources.
Service "B" need authenticate too, that's the problem. Is it possible, that service "A" ask "B" with client authentication parameters, and how it will works ?
I guess it's possible with oauth library, but I can't find any examples (close to my problem) and howto's.
Thanks
Just summarizing the solution outlined in the comments:
Service "B" (or a proxy in front of it) should only accept HTTPS requests with the certificate of server "A". (Server "A" can also validate server "B"'s certificate to avoid man in the middle attacks.)
Then the user name can be a plain text request parameter.
If you have better networking people than server people or find SSL daunting, have the network people establish a secure tunnel (forming a VPN) between your sites instead, and make service "B" unavailable from the raw Internet besides the tunnel.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论