java - How To Implement RESTful Web Service with Auth Token using Spring Security 4.0.1.RELEASE


I am trying to design an API manager for a RESTful web service. In Spring's new release, we can combine everything in Java code without using web.xml or securityconfig.xml. According to the auth token concept, the API manager should have an auth token and a refresh token for user authentication. Please, can anyone give me sample source code or guidance on how to implement a RESTful web service with Spring Security?

  1. I need to know how to implement the configuration in Java code.
  2. It should have the auth token concept also.

This tutorial is the correct way to do this:

http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html

But the Spring configuration is in the spring.xml file.

I need to put them at the Java level also.

The people at Stormpath have quite a straightforward solution for achieving OAuth. Please take a look at Using Stormpath for API Authentication.

As a summary, the solution looks like this:

  1. You use the Stormpath Java SDK to delegate your user-management needs.
  2. When the user presses the login button, your front end sends the credentials securely to your back end through its REST API.

    2.1. By the way, Stormpath enhances the possibilities here. Instead of having your own login page, you can delegate the login/register functionality to Stormpath via its IdSite, or you can delegate it to the Servlet Plugin. Stormpath supports Google, Facebook, LinkedIn and GitHub login.

  3. Your back end will then try to authenticate the user against the Stormpath backend and will return an access token as a result:

    /** This code will throw an exception if the authentication fails. */
    // `client` and `applicationRestUrl` are fields initialized elsewhere.
    public void postOAuthToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
        Application application = client.getResource(applicationRestUrl, Application.class);

        // Getting the authentication result
        AccessTokenResult result = (AccessTokenResult) application.authenticateApiRequest(request);

        // Here you can get the user data stored in Stormpath
        Account account = result.getAccount();

        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("application/json");

        // Return the access token
        TokenResponse token = result.getTokenResponse();
        response.getWriter().print(token.toJson());
        response.getWriter().flush();
    }

  4. Then, for every authenticated request, your back end will do:

    /** This is your protected API. */
    public void sayHello(HttpServletRequest request, HttpServletResponse response) {
        Application application = client.getResource(applicationRestUrl, Application.class);

        // Throws an exception if the request does not carry a valid access token
        OauthAuthenticationResult result = (OauthAuthenticationResult) application.authenticateOauthRequest(request).execute();

        System.out.println(result.getApiKey());
        System.out.println(result.getAccount());

        // At this point the authorization was successful; you can allow the actual operation to be executed
        doSayHello();
    }

All this does not need any special Spring Security configuration; this is plain Java code that you can run in any framework.

Please take a look here for more information.

Hope that helps!

Disclaimer: I am an active Stormpath contributor.
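
For the Java-configuration part of the question, a stateless token setup in Spring Security 4 without web.xml or an XML security file could look like the following. This is an added example, not code from the question or the answer; `ApiSecurityConfig`, `TokenStore`, `BearerTokenFilter`, the `/oauth/token` path and `ROLE_USER` are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
    /** Hypothetical lookup: user name for a valid, unexpired access token, else null. */
    public interface TokenStore { String userFor(String accessToken); }
    @Autowired private TokenStore tokens; // assumption: a TokenStore bean is defined elsewhere

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable() // no cookie or session authentication, so no CSRF token is needed
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
                .antMatchers("/oauth/token").permitAll() // hypothetical token-issuing endpoint
                .anyRequest().authenticated().and()      // everything else needs a valid token
            .addFilterBefore(new BearerTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /** Turns "Authorization: Bearer <token>" into an authenticated SecurityContext. */
    class BearerTokenFilter extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                FilterChain chain) throws ServletException, IOException {
            String header = req.getHeader("Authorization");
            String user = (header != null && header.startsWith("Bearer "))
                    ? tokens.userFor(header.substring(7).trim()) : null;
            if (user != null) {
                SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                        user, null, AuthorityUtils.createAuthorityList("ROLE_USER")));
            }
            // Missing or unknown token: the request stays anonymous and is rejected downstream.
            chain.doFilter(req, res);
        }
    }
}
```

The filter chain itself is registered without web.xml by adding a class that extends `AbstractSecurityWebApplicationInitializer`. Because no authentication entry point is configured here, requests without a valid token get Spring Security's default 403 response.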
