JAX-RS - Container Managed Basic Authentication

[Updated: Sep 20, 2017, Created: Sep 20, 2017]

This example shows how to use container managed basic authentication in JAX-RS.

Since JAX-RS runs in a servlet container, we can implement container managed authentication by specifying <security-constraint> and <login-config> elements in web.xml. In an servlet based application, we usually use @ServletSecurity annotation to specify a security constraint.




<web-app xmlns=""
                   " version="3.1">

Defining Users and Roles

Since we are going to use embedded Tomcat server, we have to define users in a local file:


<?xml version="1.0" encoding="UTF-8"?>
    <role rolename="EMPLOYEE"/>
    <user username="joe" password="123" roles="EMPLOYEE"/>

In Tomcat server environment, we will use the similar file under $CATALINA_BASE/conf/ folder.

Following is the mapping for the local users file with embedded Tomcat plugin in pom.xml


A JAX-RS resource

public class EmployeeResource {

  public String getEmployees() {
      return "dummy employee list";

  public String getUser(@PathParam("id") String id) {
      return "dummy employee with id: " + id;


Accessing '/employees'

Enter user 'joe' and password '123':

Example Project

Dependencies and Technologies Used:

  • jersey-server 2.25.1: Jersey core server implementation.
  • jersey-container-servlet 2.25.1: Jersey core Servlet 3.x implementation.
  • JDK 1.8
  • Maven 3.3.9

JAX-RS Container Basic Authentication Select All Download
  • jaxrs-basic-authentication
    • src
      • main
        • java
          • com
            • logicbig
              • example
        • resources
        • webapp
          • WEB-INF

See Also