堆栈内存溢出
  简体   繁体   English

使用Spring Security Rest插件保护Grails Rest Api

[英]Secure Grails Rest Api with Spring Security Rest Plugin

 原文  2014-10-11 18:43:09       security/ rest/ grails/ spring-security/ oauth-2.0

问题描述

Can I use spring-security-rest as a replacement of Oauth?. 我可以使用spring-security-rest代替Oauth吗? My app has server side part and java script client side part where I found that spring-security-rest plugin fits most. 我的应用程序具有服务器端部分和Java脚本客户端部分,在这些地方我发现spring-security-rest插件最合适。 But I want to be able to authenticate other apps who want to consume my service (I want to be something like Oauth provider). 但是我希望能够对想要使用我的服务的其他应用进行身份验证(我想成为Oauth提供者之类的东西)。 Does spring-security-rest plugin support this? spring-security-rest插件支持吗? or should I use another plugin? 还是应该使用其他插件?

2 个解决方案

解决方案1
 1 已采纳  2014-10-15 15:23:00

The plugin is not a fully OAuth provider. 该插件不是完全的OAuth提供程序。 Or said in OAuth terminology, is not a full Authorisation Server. 或用OAuth术语说,不是完整的授权服务器。

In that case I recommend you Spring Security OAuth 2 Provider Plugin 在这种情况下,我建议您使用Spring Security OAuth 2 Provider插件

解决方案2
 0  2017-02-28 07:58:05

If you are looking only for a simplistic token based authentication for your service, you could leverage the spring security rest plugin and tweak it a little bit based on your need without having to implement the full blown Spring Security OAuth2 Provider plugin . 如果您只为服务寻找简单的基于令牌的身份验证 ,则可以利用spring security rest plugin并根据需要对其进行一些调整,而无需实现完整的Spring Security OAuth2 Provider plugin I managed to accomplish something similar with by extending some of the base classes of spring security rest plugin to modify the login payload and authentication and exposed a token/validate as a REST endpoint. 通过扩展spring security rest plugin一些基类来修改登录有效负载和身份验证,并将token/validate公开为REST端点,我设法完成了与之类似的事情。 I put up this as an independent authentication service that uses the /api/login API for token generation in tandem with the /token/validate to accomplish some kind of validation on token. 我将其作为独立的身份验证服务,将/api/login API与/token/validate来生成/token/validate以完成对令牌的某种验证。 Not a full blown Oauth scenario but serves the purpose of authentication between consumer and provider services. 这不是完全成熟的Oauth方案,但用于消费者和提供者服务之间的认证。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 保护Spring Boot Rest API - Secure a Spring boot rest api 使用Security REST插件保护REST API - Securing REST API with Security REST plugin Grails + Spring Security Rest +如何登录 - Grails + Spring Security Rest + How to login REST API安全性-如何保护它而不是sessionid - REST API security - how to secure it instead of sessionid REST API的Spring Security身份验证 - Spring Security authentication for a REST API grails spring rest 插件不足的范围 - grails spring rest plugin insufficient_scope 使用Spring Security Rest插件使Grails控制器动作具有公共访问权限 - Make Grails controller action have public access using Spring Security Rest Plugin Spring Boot 微服务休息 API 安全 - Spring boot micro services rest API security Spring Security for REST API的Basic Auth中的UserAuthorities - UserAuthorities in Basic Auth with Spring Security for REST API 调用具有Spring安全性保护的Rest API - Call A Rest API that is secured with spring security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM