restful-authentication

Jersey JAX-RS + Spring security application sample

别等时光非礼了梦想. Submitted on 2019-11-27 16:38:11
Question: Does anyone have a sample application about what is described on this answer? User authentication on a Jersey REST service

Answer 1: Use the following steps:
Step 1. Insert a Filter (see Jersey docs on how to intercept requests) in your Jersey application.
Step 2. Ask the client application to pass user credentials in a header, so that you can fetch them in the Jersey service filter.
Step 3. Fetch the header values and ask your DB to validate them.
Step 4. Once validated use Security Context to store the principal

How to get Remote / Client IP address using RESTful web service in java?

前提是你 Submitted on 2019-11-27 16:15:42
Question: I have written a REST web service in my project. The web service call may come from a different machine, so I need to find out the IP address through the REST web service. From this link request.getRemoteAddr() to use this. But I can't use getRemoteAddr(), because my request and response are in XML format. I have used the POST method in the REST service. Tomcat server. I have sent the request in XML format. How can I get the IP address?

Answer 1: Assuming you are using JAX-RS: @GET @Produces("application/xml") public String

rails - InvalidAuthenticityToken for json/xml requests

本秂侑毒 Submitted on 2019-11-27 15:44:40
Question: For some reason I'm getting an InvalidAuthenticityToken when making post requests to my application when using json or xml. My understanding is that rails should require an authenticity token only for html or js requests, and thus I shouldn't be encountering this error. The only solution I've found thus far is disabling protect_from_forgery for any action I'd like to access through the API, but this isn't ideal for obvious reasons. Thoughts? def create respond_to do |format| format.html

WCF, RESTful Web Services and custom authentication

泄露秘密 Submitted on 2019-11-27 13:14:54
I am beginning to believe I am a grossly incompetent programmer. After a lot of reading, I still cannot figure out how to cleanly implement an authentication mechanism for a RESTful WCF Service. I have tried everything: Following this guide, only to find out that the proposed authentication mechanism is an ugly hack. Installing the WCF REST Starter Kit, only to find out it is obsolete and has been replaced with another project template. Install said project template, only to find out it does not provide any authentication mechanism of its own. Install an IIS module that provides custom

Authenticating mobile users against SAML IDP

拟墨画扇 Submitted on 2019-11-27 11:55:16
Question: I am looking for a solution for authenticating mobile-app users against SAML IDP, and have got some basic queries (I am new to SAML, OAuth :) ). In this scenario, the flow could be like this: the mobile user will be authenticated by the IDP, and the SAML response generated by the IDP is sent to the Service provider (via mobile browser - Webview). The Service provider will then create a token which will be used by the mobile app for subsequent calls. Is this understanding correct? Also, how will the mobile user

RESTful frameworks for Android, iOS…?

荒凉一梦 Submitted on 2019-11-27 10:53:46
My company is reworking its API and wants to make everything RIGHT for this time ;) That's the setup... We are delivering data to clients over the internet. Clients are mobile handsets like iPhone, Androids, J2ME, Blackberry... The server is coded in Ruby on Rails. We want to achieve through a framework... Make use of ActiveResource on the clients. The framework should do the connection (REST), parsing and (dynamically) providing of models. Licence must be open source. Authorization shall be included. We use OAuth and need to deliver the Access Token on any request. Maybe as parameter or in the

Token Authentication for RESTful API: should the token be periodically changed?

a 夏天 Submitted on 2019-11-27 09:57:35
I'm building a RESTful API with Django and django-rest-framework. As authentication mechanism we have chosen "Token Authentication" and I have already implemented it following Django-REST-Framework's documentation. The question is, should the application renew / change the Token periodically and if yes how? Should it be the mobile app that requires the token to be renewed or the web-app should do it autonomously? What is the best practice? Anybody here experienced with Django REST Framework and could suggest a technical solution? (the last question has lower priority)

odedfos: It is good

User/Pass Authentication using RESTful WCF & Windows Forms

偶尔善良 Submitted on 2019-11-27 09:17:34
Question: What is the best approach to implementing authorisation/authentication for a Windows Forms app talking to an IIS-hosted RESTful WCF Service? The reason I ask is I am very confused, after sifting through different articles and posts expressing a different method and eventually hitting a ~650 page document on "WCF Security Best Practices" (http://www.codeplex.com/WCFSecurityGuide). I am just uncertain which approach is the BEST to take and how to get started on implementation, given my scenario.

passport.js passport.initialize() middleware not in use

喜夏-厌秋 Submitted on 2019-11-27 06:03:35
I am using node with express + mongoose and trying to use passport.js with restful api. I keep getting this exception after authentication success (I see the callback url on the browser):

    /Users/naorye/dev/naorye/myproj/node_modules/mongoose/lib/utils.js:419
            throw err;
                  ^
    Error: passport.initialize() middleware not in use
        at IncomingMessage.req.login.req.logIn (/Users/naorye/dev/naorye/myproj/node_modules/passport/lib/passport/http/request.js:30:30)
        at Context.module.exports.delegate.success (/Users/naorye/dev/naorye/myproj/node_modules/passport/lib/passport/middleware/authenticate.js:194:13)

How to secure RESTful web services?

北慕城南 Submitted on 2019-11-27 05:47:31
I have to implement secure RESTful web services. I already did some research using Google but I'm stuck.

Options:
- TLS (HTTPS) + HTTP Basic (pc1oad1etter)
- HTTP Digest
- two-legged OAuth
- a Cookie-based approach
- client certificates (Tom Ritter and here)
- Signed requests using HMAC and a limited lifetime

Are there more possible options to consider? If OAuth then what version? Does it even matter? From what I've read so far OAuth 2.0 with bearer tokens (that is without signatures) seems to be insecure. I've found another very interesting article on REST based authentication. Secure Your REST API..