Securing REST API in JBoss
I'm developing a RESTeasy JSON API under JBoss-As 7.
I have another separate web-server.
I am developing with Java on the server-side, and on the client-side with JavaScript, jQuery, AJAX.
So, I have 2 distinct *war*s; let's say they can be accessed as follows:
Now I want to secure these two guys: the RESTeasy API and the web-server.
Let me tell you about my structure:
My scenario is as follows:
web/aaa.html, which is restricted to authenticated users.
web/login.html
The client fills in the FORM and sends it to ... either,
a) the rest-api, or
b) the web-server,
not sure (so, here you have an implicit question).
But in any case, what a or b should do is the same:
Check username-password. Let's say they are checked and the user is authenticated.
From now on, I should have these two things at the same time:
1- The client is authorized to navigate the restricted pages.
2- The client is authorized on REST API calls.
So, I need these 2 things to happen at the same time, after authenticating on the login page.
I have read lots of things about authorization in REST APIs, with tokens, keys, etc., and yes, I have also heard about Spring Security, Apache Shiro, etc.
And yes, I do not want to implement a new security framework on my own; I will use one. I imagine that some framework can produce/check tokens etc. for me.
Before Spring Security and Apache Shiro, I want to know about the resteasy skeleton key JBoss module.
There are these sources:
https://github.com/resteasy/Resteasy/tree/3.0.1.Final/jaxrs/examples/oauth2-as7-example
http://docs.jboss.org/resteasy/docs/3.0-beta-2/userguide/html/oauth2.html
But they didn't seem very explanatory to me, and I am also not sure if they are what I need.
Is there someone who knows how to configure skeleton key (or in general the JBoss App layer) and can give me a useful example to achieve what I've described, please?
Or, could you give me some other advice/example to achieve my goal, especially noting that my question is about "how to implement"? I don't see where to begin.
Thanks in advance.