Spring 4 REST Security

Topics 

  • Security options for REST applications 
  • Basic authentication 
    • Server side 
    • Client side

Security Options for REST applications 

  • Basic authentication 
    • Client sends Base64 encoded username and password for each request 
  • OAuth 
    • Token based

Basic Authentication (Server Side)

  • Traditional authentication approaches such as login pages or session identification work well for web-based clients involving human interaction, but do not fit well when communicating with REST clients, which may not even be web applications 
  • Basic Authentication provides a solution for this problem 
    • With Basic Authentication, clients send their Base64-encoded credentials with each request, using the HTTP [Authorization] header 
    • That means each request is independent of the others and the server may/does not maintain any state information for the client, which is good from a scalability point of view 
  • Must be used over SSL because Base64-encoded credentials are easy to decode
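
The header handling described above, as an added example that is not part of the original course material: plain JDK 8 Java (no Spring) showing the client building the [Authorization] value, the server parsing it on each request, and how the credentials are recovered from the header with no key. The class name `BasicAuthDemo`, the helper names and the sample credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthDemo { // hypothetical class name, constructed sample credentials
    // Client side: header value sent with every request.
    static String encode(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Server side: returns {user, password}, or null for a missing or malformed header.
    static String[] decode(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String pair;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            pair = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        int sep = pair.indexOf(':'); // split on the first colon only: a password may contain ':'
        return sep < 0 ? null : new String[] { pair.substring(0, sep), pair.substring(sep + 1) };
    }

    // Compare without stopping at the first differing byte.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Stateless check: runs on every request, no session is consulted or created.
    static boolean authenticate(String header, String user, String password) {
        String[] c = decode(header);
        return c != null && (same(c[0], user) & same(c[1], password));
    }

    public static void main(String[] args) {
        String header = encode("apiuser", "s3cr:et");
        System.out.println("Authorization: " + header);
        String[] seen = decode(header); // no key needed: any observer of the header can do this
        System.out.println("decoded: " + seen[0] + " / " + seen[1]);
        System.out.println("valid header accepted: " + authenticate(header, "apiuser", "s3cr:et"));
        System.out.println("wrong password accepted: " + authenticate(encode("apiuser", "guess"), "apiuser", "s3cr:et"));
        System.out.println("malformed header accepted: " + authenticate("Basic !!!", "apiuser", "s3cr:et"));
    }
}
```

A real server compares against a stored password hash rather than a plaintext password; the comparison here is kept simple to show the header handling.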
