restful-authentication

im trying to integrate spring security with a custom angular 2 login, that is a specific endpoint of my app is protected with spring security, trying to access it will redirect to /login that is handled in angular 2. as things stands now i have no clue as to how to perform the login and grant access to the backend API once logged. i am configuring spring security as follows: @Override protected void configure(final HttpSecurity http) throws Exception { http .csrf().disable() .cors().and() .authorizeRequests() .antMatchers("/api/someEndpoint/**") .hasRole(ADMIN_ROLE).and().formLogin()

I've built my first grails application. My URL mappings are what the default application provides: static mappings = { "/$controller/$action?/$id?"{ constraints { // apply constraints here } } "/"(view:"/index") "500"(view:'/error') } Senario I have a controller called ColorController with actions save and list . It simply does something like this: def save () { def colorInstance = new Color(params) colorInstance.save(flush: true) } def list () { [colorList: Color.list, colorTotal: Color.count()] } I would like to build a simple API for these actions. The save action should accept parameters

I have a simple web service that has an API third party developers are allowed to access. The API mostly follows REST principles. I'm interested in solutions to make the API more secure by requiring developers to use client certificates. Is there any open source solutions or other implementation advice any of you have that would assist in REST based APIs using user level certificates for auth? My generic advice would be to keep your API separate from your authentication routines. Your web server should handle the interaction for you. Solutions for your side of the client-certificate scenario

I'm trying to write a script to communicate with an online exchange. 'Public' requests are sent to : https://yobit.net/api/3/ 'Trade' requests are sent to: https://yobit.net/tapi/ My public requests work great. My 'private calls' however return a 404 error. My keys are 100% correct. I currently produce the following URL: https://yobit.net/tapi/activeorders/ltc_btc/&apikey=MY_APIKEY_HERE&nonce=1456192036 Did I missinterpret the documentation? Perhaps a false URL structure? Documentation Link ---> here Each Trade API request should pass authentication. Authentication is fulfilled by sending the

Is there a way to uniquely identify my Android App in Java code? Maybe some combination of the package name and something else? I know there is a way to identify a unique Android device , but that is not what I am looking for. I want to be able to uniquely identify my Android app that I made so that I can then pass that information to my own private RESTful API. This would allow me to verify that the call is coming from my Android App and not another unauthorized one. I want my RESTful API to only work with the app I made and so no one can spoof it or access it unauthorized. Or is this an