I just developed a simple restful web service by using Spring 4.0 and Hibernate 4.0, so it is without beans.xml file.
I would like to implement a Spring Security on the web service, since the roles will be performed on the HTTP functions GET, POST and DELETE, i.e. only admin who is allowed to DELETE, manager is allowed to do both POST and GET and the user can only GET data.
I'm looking for a detailed tutorial with example to implement Spring Security? or Do you think there is an easier security mechanism regardless it's strength?
I just found that they in Spring.io added a detailed tutorial with real example developed by Java 8 in their own website, so it is completely annotation-based, which helps for building a RESTful webservice with Spring, testing it and also securing it.
It is really awesome, located HERE
Related
As far as i understand, I can get the same result about login for Facebook, Google, and etc using both.
I searched a lot but nobody asked this...
What's difference between them?
Spring Social is an extension of the Spring Framework that allows you to connect your applications with Software-as-a-Service (SaaS) API providers such as Facebook, Twitter, and LinkedIn. You may also check this site https://projects.spring.io/spring-security-oauth/docs/oauth2.html
You can see this answer about use of spring social instead of plain oauth, not Spring security oauth.
But as this link is described Spring social is in end of life.
With the release of Spring Security 5, much of the functionality
offered by Spring Social’s connection framework, which is the most
valuable piece of Spring Social is now part of Spring Security
Probably you are speaking about spring-security-oauth2-client which part of spring security 5.
These links are some implementation with that:
https://spring.io/blog/2018/03/06/using-spring-security-5-to-integrate-with-oauth-2-secured-services-such-as-facebook-and-github
https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/
This is my first question on StackOverflow and I hope someone can help me. :-)
I am planning to build a web-application (backend) with spring roo. For the backend I will use Spring and Hibernate/JPA. In the future I will implement a web client (JSF/Primefaces), a mobile client (Android) and a Windows App.
With spring roo it is easy to create a layered architecture with domain classes, repositories and services. This part is fun.
But now I am thinking about remoting and how to connect all the clients (web, mobile, windows) with my backend.
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource-oriented but how do you implement authentication with REST API?
At the moment I think a REST-API is a good idea. Because I am using spring it is easy to create a Spring MVC controller with REST support. But is this the correct way to implement a REST API for all the three devices? The web client e.g. should be implemented with JSF and Primefaces and I don´t use spring MVC for the web layer.
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
I don't have too much experience with SOAP-WS, but I have a ton of experience with REST-APIs using JSON. There are many implementations for mobile, web and server side clients that are fairly simple to implement.
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource oriented but how to implement authentication with REST API?
If you are already using spring, I recommend securing your API with Spring Security. You can use spring security even if you don't end up going with Spring MVC for your API implementation. There are many ways to secure a rest API with spring security, but I the simplest is to send the basic auth header with every request to a secure URI
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
Spring MVC Controllers will work fine, but I would recommend going with RestEasy or Jersey. I find them to be more flexable.
I agree with #mad_fox. Additionally, i want to add another option regarding your question#2. If you dont want to use Spring security, you can write your own token based authentication mechanism using spring and basic java interceptors.
You can store the token in your browser local storage.
I want to know that why we use jersey with spring and what are the benefits of using it.
I have searched on google but not getting proper answer so i am asking this question here.Sorry because i know my question is old but i am very confused now.
Please suggest me the example of jersey with spring and hibernate.
Thanx in advance.
I use Jersey2 with Spring in one of my projects and in the other Spring MVC4. The advantage of Jersey is its simplicity. If you are creating only RESTful Web services - use Jersey, if you have to generate also some web pages for users, consider to use Spring MVC.
Additionally, I develop my applications on Google Cloud, so the warm up time is very important (if there is a traffic spike, many instances have to wake up in the background to be ready for incoming requests) - according to my tests Jersey is a bit faster than MVC.
Here you have an example of complete configuration:
Integrating Jersey 2 and Spring with Java Based Configuration
Developed Rest API using Java/Spring MVC
Can we provide authentication for RestAPI? If yes, How?
Now I am struggling with authentication for RestApi. Can anyone send some examples regarding the same.
Accessing rest API through AJAX request.
Since you are already using Spring, you can use Spring security to provide security related functionality. This can give you one stop solution for your security needs. Common security mechanisms for Rest API's (basic, digest) and features are supported out of box and it's very easy to add your custom security too. For a start tutorial you can have a look here
I have a RESTful API built with Spring 3.1, using Spring Security as well. I have a web application, also a Spring 3.1 MVC application. I am planning to have mobile clients accessing my REST API. So my API is the central place to authenticate, get data served from, etc.. It all makes sense so far.
Now what I cannot wrap my head around is how to add Spring Social in an easy and smart way. How did you do it? Did you maybe only move the ConnectionRepository to the API? Or did you have the API do it all? I want to prevent double-authorization for each client-technology by all means (preventing double-authorization meaning userA connects to facebook in the webapp, and then starts using our mobile client and should NOT be asked to connect to facebook again just b/c userA is using a different client).
Thanks for sharing your thoughts!
The solution we use it to secure our rest-webservices using spring security, with a cookie based remember me service. This uses well documented traditional spring-security techniques.
We then plugged in spring-social to our system, which then simply logs in the user as normal using spring secruity. The social api looks up the, for example, facebook id in your db table, if it finds existing connection logs the user in using their account on your system (and can redirect to sign up page etc).
I suggest breaking down the question into more specific areas.