What security mechanisms or strategies are available with REST?

J Kilgrow
Greenhorn

Joined: Oct 05, 2010
Posts: 18
Another question that I have is around security.
I can secure a SOAP service with basic auth as a minimum but I can also do more advanced security like post backs to get userid and password.

What security mechanisms or strategies are available with REST?
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 614
Well, REST is built on an HTTP foundation, so everything you can do with HTTP can be done here, so simply sending a 401 (if I am not wrong) from the REST response will ask for login.


I am not sure if only authors should answer questions; if so, I take back my answer.


All desirable things in life are either illegal, banned, expensive or married to someone else !!!
J Kilgrow
Greenhorn

Joined: Oct 05, 2010
Posts: 18
How does that work in a non-interactive environment, like when I have to use REST from another service (service to service)? For instance, if I have a SOAP service that needs to call a REST service, if the REST service sends a 401 back to the SOAP service, how...does that work? I guess that would be similar to a postback?
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 614
How would you call a REST service from SOAP? I assume using a REST client API, so obviously you have to write code to handle the 401 (btw, it also needs header values) to call the redirected URL with login credentials.
A browser (interactive, as per your statement) does the same: once it gets a 401 (login request), it prompts for userid/pwd and sends that information to the new URL.

This would be the same as writing a standalone REST client in a main method. This being in a SOAP service makes no difference, as the service code becomes the client.

-P
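
The 401 exchange discussed in this thread for a non-interactive (service-to-service) caller, as an added example that is not part of the original posts: the client answers an HTTP Basic challenge by resending the request with an Authorization header. The class name, the `/orders` resource, the credentials and the embedded JDK test server are assumptions for illustration; it needs JDK 11 or later.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;

public class ServiceToServiceBasicAuth {
    // Constructed demo credentials; a real service reads them from a secret store.
    static final String USER = "svc-orders", PASS = "demo-only-secret";
    static String basic(String user, String pass) {
        byte[] raw = (user + ":" + pass).getBytes(UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    static HttpResponse<String> get(HttpClient c, URI uri, String authHeader) throws Exception {
        HttpRequest.Builder b = HttpRequest.newBuilder(uri).GET();
        if (authHeader != null) b.header("Authorization", authHeader);
        return c.send(b.build(), HttpResponse.BodyHandlers.ofString());
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical /orders resource. Loopback HTTP keeps the demo offline; Basic
        // credentials are only Base64-encoded, so real traffic must go over TLS.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        byte[] expected = basic(USER, PASS).getBytes(UTF_8);
        server.createContext("/orders", ex -> {
            String auth = ex.getRequestHeaders().getFirst("Authorization");
            // Timing-safe comparison of the presented header with the expected one.
            boolean ok = auth != null && MessageDigest.isEqual(expected, auth.getBytes(UTF_8));
            if (!ok) ex.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"orders\"");
            byte[] body = (ok ? "[{\"id\":1}]" : "login required").getBytes(UTF_8);
            ex.sendResponseHeaders(ok ? 200 : 401, body.length);
            ex.getResponseBody().write(body);
            ex.close();
        });
        server.start();
        URI uri = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/orders");
        HttpClient client = HttpClient.newHttpClient();
        // 1. No credentials: the service answers 401 with a WWW-Authenticate challenge.
        HttpResponse<String> first = get(client, uri, null);
        System.out.println(first.statusCode() + " "
                + first.headers().firstValue("WWW-Authenticate").orElse(""));
        // 2. No user to prompt: repeat the request with credentials in the header, not the URL.
        HttpResponse<String> second = get(client, uri, basic(USER, PASS));
        System.out.println(second.statusCode() + " " + second.body());
        server.stop(0);
    }
}
```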
J Kilgrow
Greenhorn

Joined: Oct 05, 2010
Posts: 18
But in REST aren't all of the service parameters passed as URL parameters? Isn't that a little unsecure? I guess it would have to go over SSL...I would be interested to see what the various URLs look like. I guess it is time to put down the phone and dive into some code this weekend! :-D
Thanks!
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 614
But in REST aren't all of the service parameters passed as URL parameters


Hell NOOOO, you can pass values to REST in the body; how do you invoke POST?
Just imagine if you had to write a plain old Servlet (POS) to handle REST calls, how would you do that? Won't you call POST with username and password in the body? The frameworks we have help us get rid of writing boilerplate code like mapping a request to the exact method, validation, formatting output, etc. etc.
But if someone wants to develop a REST application with a simple servlet, no one can stop shim...

-P
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 614
Okay, I just read the message from the Moderator in the first post:

Posts in this welcome thread are not eligible for the drawing, and should be reserved for welcoming the author. Questions posted in this topic are subject to removal.


So you may want to open a new thread if you have questions; I don't want to break any rules here.
J Kilgrow
Greenhorn

Joined: Oct 05, 2010
Posts: 18
Well I feel dumb. Yeah. That is exactly how that would work. Thank you for keeping me straight!

So...really nothing special about REST? Right? Really we are just using the underlying HTTP infrastructure to pass information. Maybe that is oversimplified, but that is my first swing at a broad explanation about what REST is.
J Kilgrow
Greenhorn

Joined: Oct 05, 2010
Posts: 18
Ah! And if I could see the book promotion page I would have seen all the other posts. :'-(
Mohamed Sanaulla
Saloon Keeper

Joined: Sep 08, 2007
Posts: 3068
    

Praful Thakare wrote: Okay, I just read the message from the Moderator in the first post:

Posts in this welcome thread are not eligible for the drawing, and should be reserved for welcoming the author. Questions posted in this topic are subject to removal.


So you may want to open a new thread if you have questions; I don't want to break any rules here.

Thanks Praful for noting this.
I have created a new post out of this discussion.

