Web Programming

Todo REST Service (Authentication)

The objective of this exercise is to secure the REST interface of a todo service using basic authentication.

Tasks

  1. Implement the servlet UserServlet that uses the user service to register a user for the REST request POST /api/users (see also OpenAPI Definition).
  2. Implement the servlet filter AuthenticationFilter that checks if each request regarding the todos contains a valid Authorization header, authenticates the corresponding user using the user service, and adds their username to the request if successful.
  3. Modify the servlet TodoListServlet so that it uses the todos of the authenticated user stored in the request.
  4. (Optional) Implement the servlet filter MediaTypeFilter that immediately returns an error response if the Content-Type or Accept header contains an invalid value.
  5. Use the Postman application to test the REST service manually.
  6. Run the TodoIntegrationTest to test the REST service automatically.


Solution