Web Programming

Todo REST Service (Authentication)

The objective of this exercise is to secure the REST interface of a todo service using basic authentication.

Tasks

  1. Implement the servlet UsersServlet that uses the user service to register a user for the REST request POST /api/users (see also OpenAPI Definition).
  2. Implement the servlet filter AuthenticationFilter that checks if each request regarding the todos contains a valid Authorization header and authenticates the corresponding user; if successful, the username is added to the request, otherwise an error response is returned.
  3. Modify the servlets TodosServlet and TodoServlet so that they use the todos of the authenticated user stored in the request.
  4. (Optional) Implement the servlet filter MediaTypeFilter that immediately returns an error response if the Accept or Content-Type header contains an invalid value.
  5. Use the Postman application to test the REST service manually.
  6. Run the TodoRestServiceIT to test the REST service automatically.
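
A sketch of the header check described in task 2, added here as an illustration; it is not the course's solution. The `jakarta.servlet` namespace, the `/api/todos/*` URL pattern, the `username` attribute name, the `todos` realm and the `CredentialChecker` interface (a stand-in for the exercise's user service, whose API is not shown on this page) are all assumptions.

```java
import jakarta.servlet.*;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: URL pattern, attribute name and CredentialChecker are assumptions.
@WebFilter("/api/todos/*")
public class AuthenticationFilter extends HttpFilter {

    /** Hypothetical stand-in for the exercise's user service. */
    public interface CredentialChecker { boolean isValid(String username, String password); }

    // Denies everything until replaced by a call into the real user service.
    private CredentialChecker checker = (u, p) -> false;

    /** Returns {username, password}, or null if the header is missing or malformed. */
    static String[] parseBasic(String header) {
        // The scheme name is case-insensitive; anything else is rejected.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');       // split on the first ':' only:
            if (colon < 1) return null;          // the password may contain ':' itself
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {   // not valid Base64
            return null;
        }
    }

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String[] cred = parseBasic(req.getHeader("Authorization"));
        if (cred == null || !checker.isValid(cred[0], cred[1])) {
            // Same response for a missing, malformed or wrong credential.
            res.setHeader("WWW-Authenticate", "Basic realm=\"todos\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;                              // the todo servlets are never reached
        }
        req.setAttribute("username", cred[0]);   // read later by TodosServlet / TodoServlet
        chain.doFilter(req, res);
    }
}
```

Basic authentication only Base64-encodes the credentials, so the service should be reachable over HTTPS only, and the filter should never log the header value.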


Solution