Secure REST APIs

 
Ranch Hand
Posts: 337
Scala Spring Java
Hi Ranchers,

I am currently working on a security POC wherein we are using JWT for token-based security.
This POC will later be integrated into my actual project.

What are the best strategies to make my REST calls and REST API secure?

The actual project already has OAuth 2 token-based security.

I am already using the HTTPS protocol.

Request you to help me with the same.

Regards,
-Pankaj.



 
Saloon Keeper
Posts: 12715
277
It depends on what framework you're using for the actual REST application. I'd use established middleware for that framework. For instance, if the application is built on Spring, I'd use Spring Security's JWT provisions.
 
Pankaj Shet
Ranch Hand
Posts: 337
Scala Spring Java

Thanks for your reply Stephan.

It is using the Spring platform, but we are not using Spring Security.

What we are doing is explained in brief:

Every time the user logs in, the user credentials are verified from the db and JWT tokens are sent back to the user.
Every subsequent request which is not the login request is intercepted by the Spring HandlerInterceptor, which does the job of verifying the token string and parsing the claims.
If the claims are formed successfully, the request is processed further; else it is not.
We are using HTTPS requests.

So now I want to understand why I would have to integrate OAuth2, OpenID and Spring Security, and what the advantages of using each are.

Apart from above if anything is found more secure please suggest.

I want to make REST API Ultra secure.

Please help me out for the same.

Regards,
-Pankaj.
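
The checks that a hand-written token interceptor like the one described in the post above has to get right, as an added example that is not part of the original thread or the poster's code. It uses only the JDK; the class and method names are hypothetical, HS256 is an assumed algorithm (the thread does not name one), and the regex claim extraction stands in for a real JSON parser.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;

public class JwtCheckExample {
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]*)\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    /** Returns true only for a well-formed, correctly signed, unexpired HS256 token. */
    static boolean isValid(String token, byte[] key, long nowEpochSeconds) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return false;
            // 1. Signature first, with the algorithm fixed by the server, never by the token.
            byte[] expected = hmac(key, p[0] + "." + p[1]);
            byte[] presented = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(expected, presented)) return false; // constant-time compare
            // 2. The header must name the one algorithm we accept (rejects "none", RS256, ...).
            String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
            Matcher alg = ALG.matcher(header);
            if (!alg.find() || !"HS256".equals(alg.group(1))) return false;
            // 3. Expiry is mandatory; a token without exp is rejected.
            String payload = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            Matcher exp = EXP.matcher(payload);
            return exp.find() && Long.parseLong(exp.group(1)) > nowEpochSeconds;
        } catch (Exception e) {
            return false; // malformed Base64, bad number, etc.: fail closed
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes-long!!".getBytes(StandardCharsets.UTF_8); // constructed
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String body = b64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("{\"sub\":\"demo\",\"exp\":2000}".getBytes(StandardCharsets.UTF_8));
        String good = body + "." + b64.encodeToString(hmac(key, body));
        String none = b64.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8))
                + body.substring(body.indexOf('.')) + ".";
        System.out.println(isValid(good, key, 1000));  // case: signed, not yet expired
        System.out.println(isValid(good, key, 3000));  // case: signed, past its exp
        System.out.println(isValid(none, key, 1000));  // case: header says "none", empty signature
    }
}
```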
 
Rancher
Posts: 530
6
IntelliJ IDE Spring Fedora
The reason you would use Spring Security is that you already have Spring all set up; it would be trivial to add Spring Security, and it would save you a lot of time because it's already implemented well.
 