How to implement REST token-based authentication with JAX-RS and Jersey

I’m looking for a way to enable token-based authentication in Jersey. I am trying not to use any particular framework. Is that possible?

My plan is: A user signs up for my web service, my web service generates a token, sends it to the client, and the client will retain it. Then the client, for each request, will send the token instead of username and password.

I was thinking of using a custom filter for each request and @PreAuthorize("hasRole('ROLE')"), but I just thought that this causes a lot of requests to the database to check if the token is valid.

Or should I not create a filter, and instead put a token param in each request, so that each API first checks the token and then executes something to retrieve the resource?
