REST 层安全性和集成

Posted 2024-09-08 02:51:57


I have a widget-based front end talking to a REST layer. To use the front end, a human needs to log in with a username and password. Once in, the user can interact with the widgets, which make calls to the REST layer. At this point, no authorization is done at the REST layer. If you have logged in successfully, you can do whatever you want.

However, I want to ensure that only users who have logged in can hit the REST layer. If you try to hit it with a browser or other client, you should get a 404.

We have managed to do this with OpenSSO, but it is complex. And its future is in doubt with its transformation to OpenAM. Also, there will be the need to integrate with other REST layers, where Java code in the REST layer I have built will act as a client to other services secured by conceivably anything.

Thus, I have an issue with securing my stuff and security pluggability with other stuff.

I have been reading up on OAuth and CAS and OpenID and JOSSO and on and on and find myself confused as to which problems they all solve. I thought my problem was fairly basic, but I am at a loss. Any insight is appreciated.

Thanks.


Comments (1)

套路撩心 2024-09-15 02:51:57


That depends on what framework you are using for your REST layer.

For example, in the restlet.org framework you can extend org.restlet.security.SecretVerifier
and implement your authentication scheme based on session, cookies, etc.
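As an added example (not code from the answer above or from the Restlet project), here is how a SecretVerifier subclass plugs into a Restlet 2.x application so that every request must carry valid credentials before it reaches any resource. It assumes Restlet 2.1 or later, where verify() returns an int result code; the class names HashedSecretVerifier and WidgetResource, the user "alice", her password and the port 8182 are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.restlet.Application;
import org.restlet.Component;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Protocol;
import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;
import org.restlet.routing.Router;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.security.SecretVerifier;

public class SecuredRestApplication extends Application {

    /**
     * Hypothetical verifier: checks the identifier/secret pair extracted from the
     * HTTP Basic header against an in-memory store of SHA-256 password digests.
     * A real deployment would use a salted, slow KDF (PBKDF2, bcrypt, scrypt).
     */
    static final class HashedSecretVerifier extends SecretVerifier {
        private final Map<String, byte[]> userDigests = new ConcurrentHashMap<>();

        void addUser(String name, char[] password) {
            userDigests.put(name, sha256(password));
        }

        @Override
        public int verify(String identifier, char[] secret) {
            byte[] expected = userDigests.get(identifier);
            if (expected == null) {
                return RESULT_UNKNOWN;          // no such user
            }
            // MessageDigest.isEqual is constant-time, so the comparison does not
            // leak how many leading bytes of the digest matched.
            return MessageDigest.isEqual(expected, sha256(secret)) ? RESULT_VALID : RESULT_INVALID;
        }

        private static byte[] sha256(char[] chars) {
            try {
                return MessageDigest.getInstance("SHA-256")
                        .digest(new String(chars).getBytes(StandardCharsets.UTF_8));
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    /** Constructed sample resource; only reachable through the authenticator below. */
    public static class WidgetResource extends ServerResource {
        @Get
        public String represent() {
            // ClientInfo.getUser() is populated by the authenticator on success.
            return "hello " + getRequest().getClientInfo().getUser().getIdentifier();
        }
    }

    @Override
    public Restlet createInboundRoot() {
        Router router = new Router(getContext());
        router.attach("/widgets", WidgetResource.class);

        HashedSecretVerifier verifier = new HashedSecretVerifier();
        verifier.addUser("alice", "correct horse battery staple".toCharArray()); // constructed user

        // The guard sits in front of the router: a request with no or bad credentials
        // never reaches a resource, so "logged in" is enforced for every URI at once.
        ChallengeAuthenticator guard = new ChallengeAuthenticator(
                getContext(), ChallengeScheme.HTTP_BASIC, "widgets");
        guard.setVerifier(verifier);
        guard.setNext(router);
        return guard;
    }

    public static void main(String[] args) throws Exception {
        Component component = new Component();
        component.getServers().add(Protocol.HTTP, 8182);
        component.getDefaultHost().attach("/api", new SecuredRestApplication());
        component.start();
    }
}
```

Two caveats for the question as asked. ChallengeAuthenticator answers an unauthenticated request with 401 and a WWW-Authenticate header, not the 404 the question wants; hiding the endpoint would mean overriding the authenticator's challenge() to set a 404 status instead. And this is authentication only: every valid user still gets every resource, exactly the state the question describes. Restricting what an authenticated user may call is a separate authorizer step, and because HTTP Basic sends the password on every request, the whole thing belongs behind TLS.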
