I am developing a web application with Spring. I have read about basic and digest authentication fundamentals. However how can I implement it with Java, is there any code example or is there any framework does it form me?
Here is an example with commons http client library...
Since you're already using Spring…
Spring Security implements these things, and its manual is a good place to start reading about it.
Related
I am in process of developing a POC as a part of technology overhaul.
For this i have developed a couple of Service endpoints using HAPI. I want to secure these web-services using Oauth 2.0 mechanism.
2 options that i have:
- Using the oauth2.0 support of npm which comes for express.
- Manually create the keys, share and then encrypt/decrypt.(node-rsa)
Being a novice to Nodejs i am unable to find a solid path for accomplishing this, and am a little skeptical.
Any help or examples would be really appriciated.
-V
Since you are working with Hapi I'd suggest leveraging the Bell plugin.
Support baked in for common third-party providers, but you can easily create a custom provider (detailed in the API docs).
I want to prevent CSRF in my website. i need sample working project in core asp.net with c#. please share if anybody having or give suggestion how to do that as soon as possible.
Thanks in advance
ARMOR is an anti-CSRF library, written in C#, designed to repel CSRF attacks targeting ASP.NET applications. Here is a tutorial on the subject, and here is the GitHub repo. Getting up-and-running is simply a matter of
Applying the necessary configuration settings
Adding Fortification Filters to the ASP.NET bootstrapper
Decorating your endpoints with ARMOR attributes
Dropping the included JavaScript on your UI
Disclaimer: I designed and built ARMOR, and the Encrypted Token Pattern. I’m happy to help you with your implementation.
I have a restful API that I built using node.js and node-restify. I am up to the part where I have to secure it. Apparently, it is easy to find out how to use OAuth 2.0 as a client but hard to find out how to set up a provider. I guess my google skills aren't as good as they used to be.
Can someone point me in the direction of where to start? Is there a basic OAuth 2.0 server provider library for node?
I don't have a problem with creating my own library if need be but I looked at the spec, and being that it is a spec, it seems overly complicated. I would think that there would be some sort of tutorial, webcast, or "hello World" style project that broke it down for the dummy in me.
Thanks for your thoughts.
After some heavy googling, I came up with a lead. I spoke with a kindhearted genius who began work on such a project. He decided to finish up his code and to release it to the world.
The package is called restify-OAuth2.
Here is a link to the package. Here is the link to the github page.
Thanks for all your help Domenic.
I need to create a JSON service to get and post data from a local and remote http/https server on Linux for my mobile apps. -I'm using MySQL as DB engine-
I tried with Glassfish EJB/JSP (I like Java), but it was a kind of frustrating, due the poor support that my linux development machine (mint 13) has for Oracle Glassfish.
In your opinion, what is the best way to make a remote JSON server on that environment? which alternatives do I have?
If you want to accept and send back JSON, you want a JAX-RS-based service, not a JSP one.
You will most likely use Jersey, RESTEasy, CXF, or similar implementations of the JAX-RS specification.
Sending back JSON from a JAX-RS implementation is trivial; that's what JAX-RS is designed to do. Generally speaking, JSP is used for web applications (where HTML, CSS, images, and JavaScript are returned), while JAX-RS is used for RESTful web services, where JSON, XML, and YAML is returned. You can use JSP to produce JSON, but it is not common.
As far as your overall architecture is concerned, any webserver is fine (Apache, Tomcat, etc.) and you can use either Springframework or a full app server like JBoss or Glassfish. Springframework has its own REST support, but I've used JAX-RS several times with Spring and it works very well. Since you already are using Glassfish, integrating a JAX-RS implementation should be straightforward. This article from Oracle shows you how.
Well, I guess you need to find a good framework where you feel confident.
I use Zend PHP + Doctrine to serve my apps. Why? I just create simple controllers in a good MVC like Zend and use all power from Doctrine to handle queries. Ok, but why? Because I develop quick and neat code on it.
Best
I have managed to integrate spring security to my GWT application using the following approach:
http://technowobble.blogspot.com/2010_05_01_archive.html
Note that I used the gwtrpcspring library for basic spring integration with GWT and it works well (non-invasive and efficient).
My question for which I can't seem to find the answer for is how do I use spring security in my GWT widgets based on Authorization - for example, I wouldn't want to show a menu item or a save option to a user who doesn't have the authority for these. Of course, my methods are protected at the server side, but I wouldn't want a user to click on something only then to find out they have no access to it. I don't want to litter my presentation logic with security related code (if-else blocks) if possible.
Is there something equivalent of the spring security jsp tag library that can be used within GWT client code? Or do we have to build up something on our own?
No - there is no equivalentand what I have done is setup a user role profile and passed this over at login which is in then published to the presenters that handle accordingly..
Ian
Everything you need is just to add Spring Security framework into your project.
You can ask server using RPC call at application start (after successful login) which user is current user and which roles he has.
I offer you to use my project hosted on https://code.google.com/p/gspring for simple and clear GWT and Spring integration.