I’m trying to implement this now and I’m just looking for guidance on how to carry on with API key authentication. The idea for my app is that once the user is logged in via username and password, they can create API keys to access my REST API.
What I’ve done so far:
- Created another DelegableAuthInfoDAO that stores APIKey which extends AuthInfo. I’m able to save APIKeys to the persistence layer with
- Created another environment called APIKeyEnv with a DummyAuthenticator and linked that to the User. Added all the bindings in the DI framework (Guice)
My ideas for the next steps:
BasicAuthProvider and check the headers for the APIKey. Wire that up using DI.
- Make a new controller and use the injected APIKeyEnv and proceed as normal using
Is this correct? Or is it simpler? One worry I have is that in my extended RequestProvider, I’m not able to just search if the API key exists since AuthInfoRepository only has methods to retrieve AuthInfo linked to a
Another idea I have is to simply add a RequestProvider to my DefaultEnv which uses CookieAuthenticator. Will this be run?
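
One way a header-checking request provider could look, as an added example that is not part of the original post and not Silhouette's own code. It assumes Play and Silhouette on the classpath; the `X-API-Key` header, the `keyId.secret` key format, `StoredApiKey` and `ApiKeyStore` are hypothetical names. Splitting the key into a lookup id and a secret lets the store find the record directly and keep only a hash of the secret.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import scala.concurrent.{ExecutionContext, Future}

import com.mohiva.play.silhouette.api.{LoginInfo, RequestProvider}
import play.api.mvc.Request

// Hypothetical record: only the SHA-256 of the secret is persisted, never the secret.
// A plain hash is used on the assumption that the secret is long and randomly generated.
case class StoredApiKey(keyId: String, secretHash: Array[Byte], owner: LoginInfo)

// Hypothetical persistence interface, looked up by the public key id.
trait ApiKeyStore {
  def find(keyId: String): Future[Option[StoredApiKey]]
}

object ApiKeyRequestProvider {
  val ID = "api-key"        // assumed provider id
  val Header = "X-API-Key"  // assumed header name

  def sha256(s: String): Array[Byte] =
    MessageDigest.getInstance("SHA-256").digest(s.getBytes(UTF_8))
}

class ApiKeyRequestProvider(store: ApiKeyStore)(implicit ec: ExecutionContext)
  extends RequestProvider {
  import ApiKeyRequestProvider._

  override def id: String = ID

  // Resolves the header value to the LoginInfo of the user who owns the key.
  override def authenticate[B](request: Request[B]): Future[Option[LoginInfo]] =
    request.headers.get(Header).map(_.split('.')) match {
      // Expect exactly "<keyId>.<secret>"; anything else is treated as unauthenticated.
      case Some(Array(keyId, secret)) if keyId.nonEmpty && secret.nonEmpty =>
        store.find(keyId).map {
          // MessageDigest.isEqual compares the hashes in constant time.
          case Some(k) if MessageDigest.isEqual(k.secretHash, sha256(secret)) =>
            Some(k.owner)
          case _ => None
        }
      case _ => Future.successful(None)
    }
}
```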