logo
down
shadow

Securing mobile REST Api with spring Security enough?


Securing mobile REST Api with spring Security enough?

By : user2952929
Date : November 19 2020, 03:59 PM
it fixes the issue 1) Yes, from your requirements description I will say Spring Security will do fine. (REST services are usually stateless instead of using sessions, but Spring Security can handle both.)
2) You don't need to use OAuth2 unless you want to pull information from user's Google or Facebook account or something like that.
code :


Share : facebook icon twitter icon
Securing REST API with Spring Security

Securing REST API with Spring Security


By : Shufang
Date : March 29 2020, 07:55 AM
hop of those help? If you use Spring Security in your application, you, probably, already have an section in one of your Spring config files. You can use this section to secure your REST API.
The does not secure anything on its own. You have to add rules inside it:
code :
<intercept-url pattern="/api/**" access="hasRole('ROLE_USER')" />
Securing REST endpoint using spring security

Securing REST endpoint using spring security


By : Saikumar A
Date : March 29 2020, 07:55 AM
I think the issue was by ths following , The example you have followed is implementing a form-based authentication. In order to change it to http auth (which is more suitable for REST services) you need to look for the following form-login tag in your security.xml:
code :
<form-login 
        login-page="/login" 
        default-target-url="/welcome" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
<http-basic />
  http.authorizeRequests()
    .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
    .antMatchers("/dba/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
    .and().formLogin();
  http.authorizeRequests()
    .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
    .antMatchers("/dba/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
    .and().httpBasic();
Spring Boot JS App wont work after securing rest-api with Spring Security

Spring Boot JS App wont work after securing rest-api with Spring Security


By : sgc2c
Date : March 29 2020, 07:55 AM
wish of those help I created a simple Spring Boot/ JS App. In a next step I tried to implement an usermanagement feature to handle multiple users. , I figured out that I have to add a WebConfig.java class like this:
code :
import org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
@ComponentScan
public class WebConfig extends WebMvcAutoConfiguration.WebMvcAutoConfigurationAdapter {

}
Securing REST API in Grails and Spring Security

Securing REST API in Grails and Spring Security


By : bikram kumar singh
Date : March 29 2020, 07:55 AM
this one helps. Yes, I just did this for another application. You have to tell spring security to behave differently when the REST URLS are accessed.
Add this to your config.groovy
Securing REST microservices with Spring Security

Securing REST microservices with Spring Security


By : Rahul Singh
Date : March 29 2020, 07:55 AM
hope this fix your issue I suggest you have a look on Dave Sayer's great webinar on this topic. He suggest several possible options varying from Spring session to OAuth2.
You can find the webinar here: https://spring.io/blog/2014/11/07/webinar-replay-security-for-microservices-with-spring-and-oauth2
shadow
Privacy Policy - Terms - Contact Us © ourworld-yourmove.org