Hawk for Java provides a full Jersey client and server. The steps required to integrate Hawk in to your Jersey application are provided below.

Jersey Client

If you are using Jersey to generate HTTP requests then you can use the Hawk Jersey client to authenticate with Hawk. To add Hawk to your project you need to include the following dependency:

    <dependency>
      <groupId>com.wealdtech.hawk</groupId>
      <artifactId>hawk-client-jersey</artifactId>
      <version>1.0.0</version>
    </dependency>

Hawk authentication is implemented as a Jersey client filter. The first thing you will need to do is provide a set of Hawk credentials, for example:

HawkCredentials hawkCredentials = new HawkCredentials.Builder()
                                                     .keyId("dh37fgj492je")
                                                     .key("werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn")
                                                     .algorithm(HawkCredentials.Algorithm.SHA256)
                                                     .build();

Once these have been configuration you can create a Hawk client:

HawkClient hawkClient = new HawkClient.Builder().credentials(hawkCredentials).build();

And finally you need to add the authorization filter to the Jersey client, for example:

Client client = Client.create(new DefaultConfig());
client.addFilter(new HawkAuthorizationFilter(this.hawkClient));

At this point all requests sent from the client will contain a Hawk Authentication header.

Client Options

There are a number of options available to the client. For details on these please refer to the JavaDoc, or look directly at the source code for HawkClientConfiguration.

Jersey Server

If you are using Jersey to serve HTTP requests then you can use the Hawk Jersey server to authenticate with Hawk. To add Hawk to your project you need to include the following dependency:

    <dependency>
      <groupId>com.wealdtech.hawk</groupId>
      <artifactId>hawk-server-jersey</artifactId>
      <version>1.0.0</version>
    </dependency>

Hawk needs two thing from your application to work correctly: a way of obtaining a principal given the Hawk credentials key ID, and a way of obtaining a full set of Hawk credentials given a key ID. Specifically, the steps required are as follows:

Create a service that extends HawkPrincipalProvider for your own application. This requires a get() method that takes the Hawk key ID as an argument and returns the principal which owns that key. An example is available in the test suite as ExampleUserService.java
Ensure that your principal class implements HawkCredentialsProvider so that it can return the full Hawk credentials. An example is available in the test suite as ExampleUser.java

Once these are in place you need to create an authentication filter to capture incoming requests and authenticate them. If you are expecting to authenticate purely through Hawk you can just subclass the existing HawkAuthenticationFilter.java. Note that this needs to be in Jersey's resource path for it to be picked up when Jersey starts. An example is available in the test suite as HawkExampleUserAuthenticationFilter.java.

Although the various items can be instantiated maually they have also been designed to work with Guice. To work with Guice you need to create a Guice module that contains the bindings to your principal provider and authenticator, and add them to your injector setup. An example is available in the test suite as HawkConfigurationModule.java

If desired, you can add a Jersey provider to access your authenticated principal inside resources. The principal is stored in the servlet request attribute "com.wealdtech.authenticatedprincipal". An example is avaialable in the test suite as ExampleUserProvider.java.