没有Spring,是否可以使用OAuth2保护我的Java REST API?
[英]Is it possible to secure my Java REST API with OAuth2 without Spring?
问题描述
I'm working on a server side application, what would be a REST API. 
我正在服务器端应用程序上工作,这将是REST API。 Users would post data from their own hand made clients via this API to our own system. 用户可以通过此API将来自自己的手工客户端的数据发布到我们自己的系统中。 I would document the format of the data of course. 我当然会记录数据的格式。 But my question is, is it clever to implement the authentication with OAuth2 or am I better just going the SSL + Basic Auth route? 但是我的问题是,使用OAuth2实施身份验证是否明智?还是最好还是走SSL +基本身份验证路线? If so, why? 如果是这样,为什么? I googled a ton of posts and guides about OAuth2 and if it's not the client side they are handling, it is the Spring Security combination which I found rather hard to follow and questionable to implement since none of us in our company has used Spring framework. 我在Google上搜索了大量关于OAuth2的帖子和指南,如果不是OAuth2正在处理的是客户端,那是Spring Security组合,我发现很难遵循且难以实现,因为我们公司中没有人使用过Spring框架。
1 个解决方案
解决方案1
0 2017-11-08 15:11:48
As for "OAuth2 vs Basic Authentication", read this question (OAuth (Access Token) Vs API Key) and the accepted answer . 至于“ OAuth2与基本身份验证”,请阅读此问题 (OAuth(访问令牌)与API密钥)和可接受的答案 。
Spring Security OAuth is just one implementation. Spring Security OAuth只是一种实现。 You can find some other implementations here . 您可以在此处找到其他实现。 It should be noted that modern OAuth server implementations support OpenID Connect , but Spring Security OAuth doesn't. 应该注意的是,现代OAuth服务器实现支持OpenID Connect ,但是Spring Security OAuth不支持。 If your team is not familiar with Spring framework, there is no reason to use Spring Security OAuth. 如果您的团队不熟悉Spring框架,则没有理由使用Spring Security OAuth。 There exist many better implementations. 存在许多更好的实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.