I am considering developing a RESTful application that provides an API for mobile apps, but which is not intended to be accessed directly in a web browser (at least for the first version of the service). In order to secure the API endpoints, I would like to use OAuth 2.
SiA4 does not cover Spring Security for OAuth. It was my intent to include such coverage, but Spring Security for OAuth was undergoing some changes configuration-wise while I was writing the book and the book was getting *WAY* too big, so we decided to leave it out. I'll think about where you can find a good S2OAuth example and reply again here later.
Daniel Trebbien wrote: Oh wow! That seems to be what I am looking for. Thanks!
Does Spring in Action have a section on Spring Security OAuth? Is there another recommendation for securing a RESTful API service?
Take a look at https://github.com/habuma/SpringREST, specifically the trips-secured example, which shows how to secure a Spring MVC-based REST API with Spring Security for OAuth 2. Be sure to also take a look at the client_authorization.txt file, which gives you a few clues about how a client might use this API. (Note that there is no client code written here.)
Bruce Jin wrote: Thanks Craig.
I look forward to your S2OAuth example.