Securing Spring Rest with Spring Security and OAuth2 - Username/Password are exposed
Question
i am working on a spring rest project and using OAuth 2.0 to protect these API's from unauthorised access.
Frontend: Angular.js Backend: Spring Rest+ Spring Security + Oauth2
Everything was working fine:
1) I got a token from backend using oauth with following uri:
..../oauth/token?grant_type=password&client_id=angularapp&client_secret=angularapp&username=user5@gmail.com&password=user5@123
2) I got a token from backend and use that token to acess the API's.
Now my problem is that, once i hit backend with /oauth/token?grant_type=password&client_id=angularapp&client_secret=angularapp&username=user5@gmail.com&password=user5@123
this uri, this is all there at page in angular js files, anyone can access them with view page source.
Please suggest a way to hide these credential at js level, some encryption or any other implement at backend if necessary.
Do i implementing it wrong? please suggest a right path
Thanks
1 answers
solution1
0 2016-07-18 14:36:12
The answer lies at JWT tokens. Dont use URL encoded. In this situation, your Auth0 server and API server both share a secret encryption key. There are plenty of JWT frameworks you can use to avoid boilerplate coding. for instance: https://github.com/auth0/java-jwt
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.