Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Securing spring mvc REST api using siteminder

I have written REST web service in java using spring MVC. As this service is stateless, how I can secure it using siteminder? For login authentication, we are using siteminder at frontend.

like image 841
jinal Avatar asked Jul 13 '26 22:07

jinal


1 Answers

You can protect the web services URLs with CA SSO (aka SiteMinder) the same way you protect the user-facing parts of your website. Just create realms/rules/policies for the URLs. But there are some caveats/tricks:

  1. Include the SM session cookie in the client request
  2. Remember if the cookie is flagged HttpOnly, it won't work
  3. Use BASIC authentication for the realms - this way, your clients will receive a 401 if they aren't authenticated/authorized
  4. Also be wary of CORS restrictions if your web services aren't on the same hostname as the main page(s) of your app

HTH!

like image 169
Richard Sand Avatar answered Jul 15 '26 14:07

Richard Sand