[英]User Token authentication Spring MVC RESTful API
I would like to secure our REST API with user token. 我想用用户令牌保护我们的REST API。
I would like to ask you - is there in Spring framework native support for such authentication flow - I'll be happy with some simple example or URL to Spring doc? 我想问你 - Spring框架中是否存在对此类身份验证流程的原生支持 - 我会对Spring doc的一些简单示例或URL感到满意吗? If so, what do I need to use?
如果是这样,我需要使用什么? I have studied Spring docs and read many tutorials, and It seems there is a support for everything and I need to know what is the best for my issue.
我已经学习了Spring文档并阅读了很多教程,似乎对所有内容都有支持,我需要知道什么是最适合我的问题。
For token-based authorisation to resources, one framework that will inevitably come-up will be oAuth 对于基于令牌的资源授权,一个不可避免会出现的框架将是oAuth
oAuth will help you achieve exactly the workflow that you desire eg that a user can authenticate and then be given a token to access a defined set of resources via an API. oAuth将帮助您完全实现您所需的工作流程,例如,用户可以通过API进行身份验证,然后获得令牌以访问定义的资源集。 It is however fairly heavyweight and it is definitely worth taking the time to understand how it works and that it exactly fits the picture of your requirements.
然而,它是相当重量级的,绝对值得花时间了解它是如何工作的,它完全符合您的要求。
The "official" site is here . “官方”网站就在这里 。 There are two versions of oAuth, so again this will help you to understand which the the right one for you.
有两个版本的oAuth,所以这将再次帮助您了解哪一个适合您。
As for Spring Security integration, there is a Spring Security oAuth project . 至于Spring Security集成,有一个Spring Security oAuth项目 。 The documentation for this is pretty good both at the level of how the integration works with Spring Security, but also in terms of helping you understand that oAuth is the right solution for your project.
无论是在集成如何与Spring Security协同工作的水平上,还是在帮助您了解oAuth是您项目的正确解决方案方面,这方面的文档都非常好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.