Best approach for securing REST services and a web application - java

I'm building a web application in which the server and clients communicate through REST services (I'm planning to build a mobile app in the mid term).
I've used Spring Security in other web applications without REST services. But I'm not sure if that approach is suitable for my scenario.
Is it possible to secure both access to web pages and calls to REST services using Spring Security? What would you recommend?
Backend uses Spring Data + Spring MVC.
Thank you.

Yes, Spring Security is a good way to secure both REST endpoints and traditional MVC webpages. The implementation can be similar for both your REST endpoints and MVC routes depending on your requirements.
Spring Security is a popular and effective way to add security to your Spring application. Since you already have experience with it, you should be able to secure your REST endpoints with relative ease.
Check out this detailed tutorial on securing REST routes with Spring Security to get started: https://spring.io/guides/tutorials/rest/5/

Related

Spring security with soap

I need to make a SOAP webservice and a web client. I have been trying for several days to implement and configure spring security on the ws to control authentication with a database but without success.
I use spring boot 2.2 with spring security.
I would like the user to authenticate only on certain actions and from a database and not by hard-coding the password.
Could you explain to me how Spring Security works with SOAP? I didn't find a good and simple explanation.
Thanks for your help

Social authentication in JAX-RS

I'm developing a Java application using JPA, EJB, CDI, JAX-RS and AngularJS, running on a WildFly.
Currently I use basic authentication, but I would like to improve it with other authentication options, such as Facebook, Twitter or Google+.
Spring Social provides a nice set of features to connect with social networks, but I'm not using Spring on my application.
My questions are:
Does Spring Social play well with EJB?
Is there any example?
Is there an alternative to Spring Social in order to connect with social networks?

I'm running a web application using exactly the same stack and I'm successfully using Spring Social for Facebook authentication.
To answer your questions:
Spring Social is a class library, so sure, you can use it with EJBs; in my project I've actually created an abstract interface between a facade EJB and various Spring Social providers;
you can find code examples on the Spring Social web page, look at Spring Sample Projects;
every social network gives you libraries and tools to connect with them, whereas the Spring Social library gives you a uniform interface, making your code simpler and more maintainable.

Overriding jboss security domain for a Jersey REStful service

We have an application which uses Jersey RESTful web services to communicate with the frontend. The services are secured with SPNEGO, so running on JBoss 5, we have a SPNEGO security domain configured. However, for a couple web services, the client is not the front end but non-Windows clients (hence SPNEGO will not work). I would like to override the security domain with a BASIC auth scheme for these services. I am searching for a way to do this preferably without Spring Security (this is not in our technology scope). But if it has to be Spring Security, so be it. I am looking for a way to do this with annotations if possible.

Restful Java application with spring security OAuth 2.0 library

I am developing a RESTful Java application in which I use the Jersey library. In my application I have to authenticate users with the Spring Security OAuth 2.0 library. I need both the provider and the client. I have searched a lot on the internet.
Can anyone share a simple example or any nice tutorial with basic steps?
Thanks in advance

Restlet vs Spring MVC for Restful web service

I'm researching how best to create a RESTful web service on Google App Engine. My end goal is to have an Android application call a web service on GAE to post and get data. At this point I am not sure what the best approach is.
What I know at this point is that Spring MVC 3 provides the ability to create web services but it does not provide a full implementation of JAX-RS. I have also read a few blogs that talk about how Spring and Restlet can be integrated together. On the other side I have read that I could only use Restlet in GAE. I would also like to provide a light web interface for users to view their posted data.
So my questions are the following.
1. Should I just use Restlet?
2. Should I just use Spring MVC to provide my RESTful web service?
3. Should I use Spring and Restlet together?
At this point I think I should invest my time in Restlet because that seems to be the best approach for calling web services in Android. I'm also debating if Spring MVC is just overkill.
Any thoughts would be helpful.

Have a look at the following similar questions:
Easiest frameworks to implement Java REST web services and Can anyone recommend a Java web framework that is based on MVC and supports REST?

I recently set up RESTlet on GAE and it was an absolute breeze! There are docs outlining the procedure on the RESTlet website and I was up and running RESTlet on GAE using the Google datastore within two hours.
The major downside is that performance of the Google data store for low volume apps is atrocious. Timeouts are not uncommon. (Google mandates a maximum 30 second request time and your app can easily take up half of that in coming out of hibernation if it hasn't been accessed recently.)
Right now I am building another RESTful app and chose to go the Spring 3 MVC / Hibernate / MySQL route. I am not new to Spring DI or MySQL, but I am new to Spring MVC and it is taking me days to work through all the issues I am encountering. I am disappointed in the quality of available documentation and I have not been able to find a reasonable and complete Spring 3 MVC RESTful CRUD tutorial anywhere. Argh.

I don't have experience with Restlet but Spring MVC 3.0 is quite powerful for building RESTful web services AND webapps. So if you also plan for your service to be accessible through browsers then it is a great solution since your controllers can serve both apps and browsers.
Perhaps this is also possible with Restlet but I have not heard of its capabilities for building webapps.
Just beware that Spring has a high loading time. This means that you have to be careful to avoid slow responses from cold starts.
