Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Securing a REST API in Java [closed]

I am building a REST API in Java - using Jersey. I want to secure sensitive API calls with an API token security scheme, but I don't have any idea where to start.

Is there a framework that will do this for me out of the box? Or do I have to implement my own security scheme?

like image 882
jcm Avatar asked Dec 03 '13 23:12

jcm


People also ask

How can I secure my API without authentication?

Encryption — Having encryption enabled on the API and using https using TLS secures the channel as well as the information sent. Rate limiting and throttling — Limiting the number of requests coming into an API helps prevent abuse. Throttling enables the availability of the service for legitimate consumers.


2 Answers

There are several frameworks to do secure Java RESTful web services. I would recommend "Apache Shiro" (http://shiro.apache.org/), it is a very nice and easy to use security framework that will allow you to implement the API token security scheme you mention. Take a look at this response: REST API key generation strategy (where I gave some insights on creating such a solution).

There are other security frameworks you can use, namely Java EE has support for security and also Spring provides support for security. Take a look at this very nice presentation by Matt Raible where he presents and demos these three frameworks: http://www.slideshare.net/mraible/java-web-application-security-denver-jug-2013

Avoid to implement "your own security scheme" (if you are not an expert in the topic...), there are many issues that may be overlooked and lead to problems... normally these frameworks help a lot on avoiding that.

HTH.

like image 166
emgsilva Avatar answered Sep 17 '22 16:09

emgsilva


You can take a look at OAuth. Its widely adopted and there are libraries that help you implement the protocol

like image 23
java_geek Avatar answered Sep 18 '22 16:09

java_geek