Solved

spring security and Oauth

Posted on 2015-01-13
5
281 Views
Last Modified: 2015-01-18
What is reasons to integrate spring-security with Oauth2.0. But spring-security can do the same activity like authentication and authorisation as Oauth2 . let me know the reason for this. Oauth2.0 can be a separate entity from spring security but is they work same kind of activity or different?
0
Comment
Question by:roy_sanu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40548620
In short, OAuth is to reinforce check that only the assigned user access to your protected resources with the right permission level. This article is a good more depth on this portion as it include the workflow in getting a "passport" which will be requested in order for any external application access attempts to your protected resources. In fact, you define what sort of credentials in the passport to present to seek entry clearance.
https://techannotation.wordpress.com/2014/04/29/5-minutes-with-spring-oauth-2-0/

The main Spring-security Oauth2 sites below are suggested if needed to drill into specifics and include their overall spring forum
http://projects.spring.io/spring-security-oauth/
http://spring-security-oauth.codehaus.org/oauth2.html
0
 

Author Comment

by:roy_sanu
ID: 40555139
,thanks for the info... One more question like to ask you on secuirty of  web services, do restful and soap follow the same OAuth based with spring security or only OAuth  for soap and Restful will do........
0
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points
ID: 40555743
It will, especially the OAuth is standard for resource authorisation. You can consider it as:
- OAuth for Authorisation, Message Signing and Encryption
- Spring Security for Authentication
- Spring Security + TLS/SSL for Data in transit via secure channel

To secure a REST-ful webservice, Spring security + OAuth is possible.
E.g. (more on implementation code examples)
https://malalanayake.wordpress.com/2014/06/27/spring-security-on-rest-api/
E.g. (more on another description and flow, note SAML token and OAuth2)
http://blog.cloudfoundry.org/2012/10/09/oauth-rest/

To secure SOAP webservice, WS-Security is commonly used rather than OAuth. One instance is that OAuth makes authentication based on HTTP headers using Authorization: bearer <TOKEN> etc while SOAP web services use WS-Security which uses XML elements on the SOAP message header for authentication. There is Spring-WS which is based on WS-Security is required and more preferable instead of using OAuth.
E.g. http://docs.spring.io/spring-ws/site/reference/html/security.html

Having said that, OAuth may be still possible as shared below instance but it seems there are customisation. I rather not venture with that ideally if possible.
E.g. http://blog.avisi.nl/2012/11/22/consuming-oauth-secured-soap-webservices-using-spring-ws-axiom-signpost/

Overall Spring security can secure SOAP and REST-ful webservices
0
 

Author Comment

by:roy_sanu
ID: 40556080
There's no blueprint for where I should be. I see myself as a young, good actor who still has a lot to learn. There's nobody at any point in their career who is the finished article. Thanks for all the input, Hope i will cherish this on my
small register called memory...

Thank you Dear...
0
 
LVL 63

Expert Comment

by:btan
ID: 40556144
thanks for sharing
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2-Factor authentication VPN for staff and suppliers 6 92
maven disable workspace resolution 1 79
Decrypt string by php 7 86
Wireshark Network Packet Analysis of PS4 7 64
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question