Jersey REST API security

I see the following link that explains how a REST API needs to be secured (using a public key and an HMAC (hash) of request parameters and private key).

http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/

I also see this link on Stack Overflow, which talks about REST API security using Spring:

combining spring security 3 with jersey rest api

I see this link on the Oracle WebLogic website that talks about RESTful API security using web.xml or security context etc.:

http://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm

Are these approaches distinct or related? I also couldn't find any code that actually does the handshake etc. I am totally confused. Please help.

The second and third approaches are related in that they secure the web context for certain users, groups or roles.

The first approach talks about encrypting URL parameters so that sensitive request parameters sent through the GET method are protected.

Both of the above are independent and are needed for different reasons (message-level security vs. access control).
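
The scheme the question describes (a public key sent with the request plus an HMAC of the request parameters keyed with the private key) can be checked on the server as below. This is an added example, not code from the original post or the linked article; the class name, the in-memory key store, the canonical string layout and the sample values are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;

public class HmacRequestCheck {
    // Constructed sample store (assumption): public API key id -> private shared secret.
    static final Map<String, String> SECRETS = Map.of("demo-public-key", "demo-private-secret");

    // Canonical form: method, path, then parameters sorted by name, so client and
    // server hash identical bytes regardless of parameter order. Assumes names and
    // values are already percent-encoded, so they cannot contain '\n' or a raw '='.
    static String canonical(String method, String path, Map<String, String> params) {
        StringBuilder sb = new StringBuilder(method).append('\n').append(path);
        new TreeMap<>(params).forEach((k, v) -> sb.append('\n').append(k).append('=').append(v));
        return sb.toString();
    }

    // Client and server both compute HMAC-SHA256 over the canonical string.
    static byte[] sign(String secret, String message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
    }

    // Server side: look up the secret by public key, recompute the HMAC and
    // compare in constant time. The private key itself never travels on the wire.
    static boolean verify(String publicKey, String method, String path,
                          Map<String, String> params, byte[] receivedMac)
            throws GeneralSecurityException {
        String secret = SECRETS.get(publicKey);
        if (secret == null) return false; // unknown caller
        byte[] expected = sign(secret, canonical(method, path, params));
        return MessageDigest.isEqual(expected, receivedMac);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Map<String, String> params = Map.of("account", "42", "amount", "10");
        byte[] mac = sign("demo-private-secret", canonical("GET", "/transfer", params));
        Map<String, String> tampered = Map.of("account", "42", "amount", "9999");
        System.out.println("valid request:   " + verify("demo-public-key", "GET", "/transfer", params, mac));
        System.out.println("tampered params: " + verify("demo-public-key", "GET", "/transfer", tampered, mac));
        System.out.println("unknown key:     " + verify("unknown-key", "GET", "/transfer", params, mac));
    }
}
```

The HMAC gives integrity and caller authentication for the parameters; it does not hide them, so the request still needs TLS, and role checks such as those in web.xml remain a separate layer.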
