Hi,

Lukasz is leading the CXF JAXRS OAuth project, have just seen him replying... It appears though that you probably want a solution based upon OpenId (combined with OAuth if really needed) or maybe CAS, or some other SSO based solution. You can also try to use a client certificate - maybe an expensive option but just mentioning it.

cheers, Sergey

On Tue, Jul 20, 2010 at 2:36 PM, Dan King <[email protected]> wrote:

> Hi all,
>
> I want to secure my RESTful web service, which is used internally only
> (i.e. no 3rd parties) and is accessed via a web tier using Java,
> JavaScript, and Flex. However, I do not want to use basic authentication
> security, since I do want to transfer back-and-forth the user name and
> password with each request.
>
> I've looked into both OAuth and SSO as options for securing the web
> service, I'm just not sure whether either is sensible. I'd appreciate it
> if others could share what approach (OAuth, SSO, or whatever else used)
> they took for securing their web service and why they selected that
> approach.
>
> Also, if anyone knows where to find an implementation guide for OAuth,
> I'd appreciate it if you could pass along that information. Thanks.
>
> -Dan
