Is there an easy way to secure RESTful API exposed via Apache CXF's JAX-RS implementation? Are there any hooks for security via Spring Security?.
I heard of people using Basic Authentication over HTTPS, but I haven't seen any actual examples. Any ideas would be greatly appreciated.
Thanks!
see http://chrisdail.com/2008/08/13/http-basic-authentication-with-apache-cxf-revisited/
Don't know about CXF, but in Resteasy you can configure it as you would for any other web application, and then do..
#Context private SecurityContext sc;
Which allows you to check things such as sc.isUserInRole("admin");. CXF may provide the same functionality.
Related
I have a web application in which Authorization is handled by Apache Shiro. Now we need to convert it to restful service and need to add an authentication mechanism . I am looking for a possibility to keep Shiro itself for authorization, so that code changes are minimal, and JWT for authentication. Please suggest me how can I achieve it. Is there any framework available for it?
I made a library to achieve this.
https://github.com/panchitoboy/shiro-jwt
You only have to implement UserDefault and UserRepository with your bussines logic.
It's based on apache-shiro, i have created a filter based on the shiro AuthenticatingFilter.
Regards,
How may I create the an access token for my RestFul Api deployed on TomCat?
I have to use it to validate the access of an android application.
Should I use some framework, or doing it by myself?
Thanks for answering.
OAuth 2.0 and OpenID COnnect are:
Open Standards
Widely deployed
Well Tested in Real-Life and in labs
Have many libraries and documented code examples
And these are cryptographic and security protocols.
Why would you try to reinvent the wheel?
-jim
What options do I have to enforce authentication/authorization in a java web app ?
From my research, there's:
JAAS
JNDI
Spring security
Any others ? Does JEE5 or JEE6 have anything new ?
if you do not want to implement the identity-provider by yourself, you can consider using OpenID. This way, you can use any OpenID provider to provide the authentication/authorization.
In addition, you can consider OAuth2.
Do not mix between the two, there are many posts here that can explain the differences...
See Securing Web Applications chapiter for JEE6. Also you can consider Apache Shiro as alternative for Spring Security. If you already use Spring Framework then just go with Spring Security.
Does anyone over here has experience integrating TAM with Grails spring security for single sign on. If so can you help me get a quick start or point to any tutorials.
Thanks
You would probably want to use Spring Security's pre authentication feature and examine the header sent from TAM. To do so you would write your own authentication provider which is really simple and just looks for the header. See this for some more information
I'm needing to implement some RESTful webservices for a client in a Grails app and I want to use the jaxrs plugin but I am having a heck of a time finding information on how to implement security that isn't realm based (tomcat-users.xml). I am using the spring-security-core plugin and I'd like to utilize it to authenticate against my webservices. How do I send credentials to the webservice and then authenticate those using spring security? Can someone point me in the right direction?
I found the following and used a modified version of the solution to solve my problem
http://blogs.bytecode.com.au/glen/2010/01/15/hacking-custom-authentication-providers-with-grails-spring-security.html