Security for Spring Restful Web Services

Question

I am writing a Spring Restful Web Services Project. I need to write secure Web Services. For Security I am already using Spring Security+SSL, however now i need some securit

Answer 1

There are multiple ways to secure your restful webservices, unfortunately there are many links which provides information to secure a soap web services, but as restful gaining popularity, it is of utmost necessity to find a way to secure and to find a way to manage sessions of your restful web service. So to secure my Spring MVC with restful support, You need to atleast consider for three Aspect

1) Authentication. -- For Authentication Spring Security can be used.
2) Authorization. -- For Authorizing a request OAuth can be used.
3) Securing the communication. -- SSL can be used to secure the communication channel.
4) Encryption -- Again Oauth can solve the purpose
5) Message Signing. -- Again Oauth can solve the purpose

So , to secure a restful webservice spring security + OAuth can be used. The other security mechanisms which can be used are Http Basic Security and Digest Security.

Here is a very good example securing a spring restful webservice with spring security: http://java.dzone.com/articles/securing-restful-web-service

Also to use spring security in conjunction with OAuth you can follow this tutorial:

Spring security with OAuth