Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

spring security and Oauth

Posted on 2015-01-13
5
264 Views
Last Modified: 2015-01-18
What is reasons to integrate spring-security with Oauth2.0. But spring-security can do the same activity like authentication and authorisation as Oauth2 . let me know the reason for this. Oauth2.0 can be a separate entity from spring security but is they work same kind of activity or different?
0
Comment
Question by:roy_sanu
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40548620
In short, OAuth is to reinforce check that only the assigned user access to your protected resources with the right permission level. This article is a good more depth on this portion as it include the workflow in getting a "passport" which will be requested in order for any external application access attempts to your protected resources. In fact, you define what sort of credentials in the passport to present to seek entry clearance.
https://techannotation.wordpress.com/2014/04/29/5-minutes-with-spring-oauth-2-0/

The main Spring-security Oauth2 sites below are suggested if needed to drill into specifics and include their overall spring forum
http://projects.spring.io/spring-security-oauth/
http://spring-security-oauth.codehaus.org/oauth2.html
0
 

Author Comment

by:roy_sanu
ID: 40555139
,thanks for the info... One more question like to ask you on secuirty of  web services, do restful and soap follow the same OAuth based with spring security or only OAuth  for soap and Restful will do........
0
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points
ID: 40555743
It will, especially the OAuth is standard for resource authorisation. You can consider it as:
- OAuth for Authorisation, Message Signing and Encryption
- Spring Security for Authentication
- Spring Security + TLS/SSL for Data in transit via secure channel

To secure a REST-ful webservice, Spring security + OAuth is possible.
E.g. (more on implementation code examples)
https://malalanayake.wordpress.com/2014/06/27/spring-security-on-rest-api/
E.g. (more on another description and flow, note SAML token and OAuth2)
http://blog.cloudfoundry.org/2012/10/09/oauth-rest/

To secure SOAP webservice, WS-Security is commonly used rather than OAuth. One instance is that OAuth makes authentication based on HTTP headers using Authorization: bearer <TOKEN> etc while SOAP web services use WS-Security which uses XML elements on the SOAP message header for authentication. There is Spring-WS which is based on WS-Security is required and more preferable instead of using OAuth.
E.g. http://docs.spring.io/spring-ws/site/reference/html/security.html

Having said that, OAuth may be still possible as shared below instance but it seems there are customisation. I rather not venture with that ideally if possible.
E.g. http://blog.avisi.nl/2012/11/22/consuming-oauth-secured-soap-webservices-using-spring-ws-axiom-signpost/

Overall Spring security can secure SOAP and REST-ful webservices
0
 

Author Comment

by:roy_sanu
ID: 40556080
There's no blueprint for where I should be. I see myself as a young, good actor who still has a lot to learn. There's nobody at any point in their career who is the finished article. Thanks for all the input, Hope i will cherish this on my
small register called memory...

Thank you Dear...
0
 
LVL 63

Expert Comment

by:btan
ID: 40556144
thanks for sharing
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IP Address -- lookup location ? 4 162
md5 password 3 74
Moving from Mcrypt to OpenSSL 18 45
jsp error 6 26
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
The viewer will learn how to implement Singleton Design Pattern in Java.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question