I am going to expose my situation. I have a REST application running on Apache Tomcat 7.0. The question is that I want to authenticate and create client roles on the rest API server in order to allow users make some actions or not. The authentication and roles of clients will be determined by the SSL/TLS client certificate that clients have to send to the server.
Strategy is:
Is this feasible? Can anybody help with some tutorials or other posts?
We adopted HMAC authentication in our REST services. Good read: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.