[英]Securing REST API with Security REST plugin
I'm building a decision support tool in GRAILS for the room scheduling at my highschool. 我正在GRAILS中建立一个决策支持工具,用于我高中的房间调度。 I'm using Spring Security and I want to secure the REST api.
我正在使用Spring Security,并且想保护REST api。 I've found very little information on the proper way to do this.
我发现有关执行此操作的正确方法的信息很少。 However I've been looking to the Spring Security REST plugin
但是我一直在寻找Spring Security REST插件
The documentation is not very clear to me, does anyone have a working example/tutorial using this plugin? 文档对我来说不是很清楚,是否有人使用此插件提供了有效的示例/教程?
Suggestions on how to implement this would be great. 关于如何实现这一点的建议会很棒。
I am just reading out the sequence diagram loud for you. 我只是为您大声读出时序图。 I am working on a sample app using this plugin and (AngularJS in client side) and will be releasing soon (probably tonight).
我正在使用此插件和(客户端的AngularJS)开发示例应用程序,并将很快发布(可能今晚发布)。
Here are the steps: 步骤如下:
X-Auth-Token
(default) instead of passing Basic Auth
every time. X-Auth-Token
(默认值)传递到标头中,而不是每次都传递Basic Auth
。 Therefore, you end up with a token based validation for the REST Endpoints. 因此,最终您将获得基于令牌的REST端点验证。 Go through plugin's FAQ for more answers.
浏览插件的常见问题以获取更多答案。
Author will be releasing the latest version of plugin (1.3.0) very soon and you would find some updates in the documentation. 作者将很快发布最新版本的插件(1.3.0),您会在文档中找到一些更新。
I have just touched the basic functionality of this plugin right now, but it has the flexibility to handle more than just generating token. 我刚刚接触了此插件的基本功能,但是它具有处理灵活性,而不仅仅是生成令牌。 Example, delegating auth to OAuth providers .
例如, 将auth委托给OAuth provider 。 I will update the link to the aforementioned sample app in this answer as soon as I push it to github.
一旦将其推送到github,我将在此答案中更新到上述示例应用程序的链接。
UPDATE: 更新:
Sample App 示例应用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.