
Simple REST endpoints authentication

I am learning how to secure my endpoints, but everything I searched for contains pretty complicated examples that didn't really answer my question, and for now, just for the sake of this example project, I was looking for something simple.

My current solution is to make endpoints return like this:

return authenticate(request.headers) ? cityService.getCity() : utils.unauthenticatedResponse();

Where authenticate(request.headers) checks for a token in the header. The thing I want to improve is to have that authenticate method run before every request to my endpoints (aside from login and register), so I can just return cityService.getCity() and won't have to make that check every time.

I will appreciate every answer, but please make it easy to understand, since I am just a beginner.

Since you need to run the authenticate method before every request, you need to implement a Filter. It's pretty straightforward, and you can get the steps and template to implement a filter here.

Every request to an endpoint will first pass through the filter (this is configurable), where you can run the authenticate method and then allow the request further accordingly.

For starters, you can implement a filter like below:

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;

@Component
public class AuthFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request,
                         ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (authenticate(req)) {
            // Token is valid: pass the request on to the next filter / the controller
            chain.doFilter(request, response);
        } else {
            // Token missing or invalid: stop here and answer 401 instead of reaching the endpoint
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    // Your own header check goes here; a minimal presence check is shown as a placeholder
    private boolean authenticate(HttpServletRequest req) {
        return req.getHeader("Authorization") != null;
    }
}

The advantages that this provides are:

  • You can implement multiple filters
  • You can provide Order/priority to filters
  • You can configure which endpoints need to pass through the filter and which ones do not.
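As an added example (not code from the answer above), here is a Spring Boot filter that puts the three bullet points together: it is ordered, it skips the login and register endpoints so they stay reachable without a token, and it answers 401 instead of calling the controller when the token is missing or wrong. The class name, the `/login` and `/register` paths, the `app.api-token` property and the `Authorization: Bearer` scheme are assumptions for the example.

```java
// Added example: a Spring Boot filter that runs the token check before every
// endpoint except /login and /register. Names, paths and the property key are
// assumptions, not something taken from the original post.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
@Order(1) // run before any other filters you add later
public class TokenAuthFilter extends OncePerRequestFilter {

    // Endpoints that must stay reachable without a token (assumed paths).
    private static final Set<String> PUBLIC_PATHS = Set.of("/login", "/register");

    // Expected bearer token, read from application.properties
    // (property name is an assumption). Do not hard-code it in source.
    private final byte[] expectedToken;

    public TokenAuthFilter(@Value("${app.api-token}") String expectedToken) {
        this.expectedToken = expectedToken.getBytes(StandardCharsets.UTF_8);
    }

    // Spring calls this first; returning true skips doFilterInternal entirely,
    // which is how login and register bypass the check.
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        return PUBLIC_PATHS.contains(request.getServletPath());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        if (authenticate(request)) {
            chain.doFilter(request, response); // token OK: continue to the controller
            return;
        }
        // Token missing or wrong: stop here, the controller is never reached.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "Bearer");
        response.setContentType("application/json");
        response.getWriter().write("{\"error\":\"unauthenticated\"}");
    }

    // Reads "Authorization: Bearer <token>" and compares it in constant time,
    // so response timing does not leak how many leading bytes were correct.
    private boolean authenticate(HttpServletRequest request) {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            return false;
        }
        byte[] presented = header.substring("Bearer ".length())
                                 .getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(presented, expectedToken);
    }
}
```

Because the class is a `@Component`, Spring Boot registers it for every URL automatically; `OncePerRequestFilter` guarantees it runs once per request even when the request is forwarded internally. On Spring Boot 3 the `javax.servlet` imports become `jakarta.servlet`. If your application has a context path, compare against `request.getRequestURI()` instead of `getServletPath()` and include the prefix in `PUBLIC_PATHS`.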

You can use ContainerRequestFilter (if you are using Spring/Tomcat)

Every request coming to the server will go through this filter, so you can implement your code in it.

The technical posts on this site are licensed under CC BY-SA 4.0. © 2020-2024 STACKOOM.COM