[英]Secure Grails Rest Api with Spring Security Rest Plugin
Can I use spring-security-rest as a replacement of Oauth?. 我可以使用spring-security-rest代替Oauth吗? My app has server side part and java script client side part where I found that spring-security-rest plugin fits most.
我的应用程序具有服务器端部分和Java脚本客户端部分,在这些地方我发现spring-security-rest插件最合适。 But I want to be able to authenticate other apps who want to consume my service (I want to be something like Oauth provider).
但是我希望能够对想要使用我的服务的其他应用进行身份验证(我想成为Oauth提供者之类的东西)。 Does spring-security-rest plugin support this?
spring-security-rest插件支持吗? or should I use another plugin?
还是应该使用其他插件?
The plugin is not a fully OAuth provider. 该插件不是完全的OAuth提供程序。 Or said in OAuth terminology, is not a full Authorisation Server.
或用OAuth术语说,不是完整的授权服务器。
In that case I recommend you Spring Security OAuth 2 Provider Plugin 在这种情况下,我建议您使用Spring Security OAuth 2 Provider插件
If you are looking only for a simplistic token based authentication for your service, you could leverage the spring security rest plugin
and tweak it a little bit based on your need without having to implement the full blown Spring Security OAuth2 Provider plugin
. 如果您只为服务寻找简单的基于令牌的身份验证 ,则可以利用
spring security rest plugin
并根据需要对其进行一些调整,而无需实现完整的Spring Security OAuth2 Provider plugin
。 I managed to accomplish something similar with by extending some of the base classes of spring security rest plugin
to modify the login payload and authentication and exposed a token/validate
as a REST endpoint. 通过扩展
spring security rest plugin
一些基类来修改登录有效负载和身份验证,并将token/validate
公开为REST端点,我设法完成了与之类似的事情。 I put up this as an independent authentication service that uses the /api/login
API for token generation in tandem with the /token/validate
to accomplish some kind of validation on token. 我将其作为独立的身份验证服务,将
/api/login
API与/token/validate
来生成/token/validate
以完成对令牌的某种验证。 Not a full blown Oauth scenario but serves the purpose of authentication between consumer and provider services. 这不是完全成熟的Oauth方案,但用于消费者和提供者服务之间的认证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.