Two-way SSL/TLS authentication in a REST Web Service
I am going to expose my situation. I have a REST application running on Apache Tomcat 7.0. The question is that I want to authenticate and create client roles on the REST API server in order to allow users to make some actions or not. The authentication and roles of clients will be determined by the SSL/TLS client certificate that clients have to send to the server.
Strategy is:
Is this feasible? Can anybody help with some tutorials or other posts?
We adopted HMAC authentication in our REST services. Good read: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/