Web Programming
Todo REST Service (Authentication)
The objective of this exercise is to secure the REST interface of a todo service using basic authentication.
Tasks
- Implement the servlet UserAdminServlet that uses the UserAdmin class to support the following REST request (see also OpenAPI Definition):
  POST /api/users registers a new user
- Implement the servlet filter AuthenticationFilter that checks if each request contains an Authorization header with a valid username and password and adds the authenticated user to the request.
- Remove the global todo list from the servlet TodoListServlet and use the todo list of the authenticated user stored in the request instead.
- (Optional) Implement the servlet filter MediaTypeFilter that immediately returns an error response if the header Content-Type or Accept contains an invalid value.
- Use the Postman application to test the REST service manually.
- Run the TodoIntegrationTest to test the REST service automatically.
Solution