java - How To Implement Rest Full Web Service with Auth Token using Spring Security 4.0.1.RELEASE -


i trying design api manager restful webservice. in spring's new release, can combine in java code without using web.xml nor securityconfig.xml. according authtoken concept, api manager should have authtoken , refresh token user authentication. please, can give me sample source code or guidance how implement restfull webservice spring security.

  1. i need know how configurations implement in java code.
  2. it should have authtoken concept also.

this tutorial correct way this.

http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html

but spring configuration in spring.xml file.

i need put them in java level also.

the people @ stormpath have quite straightforward solution achieving oauth. please take @ using stormpath api authentication.

as summary, solution this:

  1. you use stormpath java sdk delegate user-management needs.

  2. when user presses login button, front end send credentials securely backend-end through rest api.

    2.1. way, stormpath enhances possibilities here. instead of having own login page, can delegate login/register functionality stormpath via idsite, or can delegate servlet plugin. stormpath supports google, facebook, linkedin , github login.

  3. your backend try authenticate user against stormpath backend , return access token result:

    /** code throw exception if authentication fails */ public void postoauthtoken(httpservletrequest request, httpservletresponse response) {     application application = client.getresource(applicationresturl, application.class);      //getting authentication result     accesstokenresult result = (accesstokenresult) application.authenticateapirequest(request);      //here can user data stored in stormpath     account account = accesstokenresult.getaccount();      response.setstatus(httpservletresponse.sc_ok);     response.setcontenttype("application/json");      //return access token     response.getwriter().print(token.tojson());     response.getwriter().flush(); }

  4. then, every authenticated request, backend do:

    /** protected api */ public void sayhello(httpservletrequest request, httpservletresponse response) {     application application = client.getresource(applicationresturl, application.class);      oauthauthenticationresult result = (oauthauthenticationresult) application.authenticateoauthrequest(request).execute();      system.out.println(result.getapikey());     system.out.println(result.getaccount());      //at point authorization successful, can allow actual operation executed     dosayhello(); }

all not need special spring security configuration, plain java code can run in framework.

please take here more information.

hope helps!

disclaimer, active stormpath contributor.


Comments

Post a Comment

Popular posts from this blog

angularjs - ADAL JS Angular- WebAPI add a new role claim to the token -

i have created angular spa webapi backend using adal js authentication.as there no roles in ad, need manually add role claims in order give users access different api controllers. the roles stored in database. expecting inject claim through call webapi after authentication ad. webapi code might this. identity.addclaim(new claim("role", "user")); var ticket = new authenticationticket(identity, props); var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket); is possible replace adal idtoken new token? is viable solution or there other better way handle this? as initial token generated azuread, possible edit token add new claim? appreciated. graph api supporting group claims. see here: http://justazure.com/azure-active-directory-part-4-group-claims/ if @ examples on page, users assigned groups , app can check group in claims. in current version of portal, need app manifest , modify it.
Read more

php - CakePHP HttpSockets send array of paramms -

i problem when make request (i can request). $link = 'http://uri/path/?param1=1&sid=2&sid=3&sid=4' $http = $httpsocket = new httpsocket(); $res = $httpsocket->get($link); if check request pr($http); i see : [line] => /url/path/?param1=1&sid%5b0%5d=2&sid%5b1%5d=3&sid%5b2%5d=4 http/1.1 and i'm getting empty response because server doesn't know parameters sid%5b0%5d=2 when try send parameters array : $data = array('param1' => '1', 'sid' => array('2','3', '4')); i see same changes %5b0%5d - additional indexes. how fix it? unfortunately , can not change server side, if send request in browser, i'll normal response in json format. when make request, can parameters this: $param1 = $_get['param1']; $sid= $_get['sid']; tip: use diferente names parameters. have multiples sid. use sid1, sid2, sid3... update: can parameters this:
Read more

node.js - Using Node without global install -

i'm working on few node & electron (atom shell) projects , i'm curious how them work without user having install node globally. i've seen few applications including node directory in project contains node.exe binary. how go setting node project use binary? edit: thought should add, i've searched everywhere answer this, unrelated results.
Read more