Solved

spring security and Oauth

Posted on 2015-01-13
Last Modified: 2015-01-18
What are the reasons to integrate spring-security with OAuth 2.0? Spring-security can do the same activities, like authentication and authorisation, as OAuth2. Let me know the reason for this. OAuth 2.0 can be a separate entity from spring security, but do they do the same kind of activity or a different one?
0
Question by:roy_sanu
5 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40548620
In short, OAuth is there to reinforce the check that only the assigned user accesses your protected resources, with the right permission level. This article goes into more depth on this portion, as it includes the workflow for getting a "passport", which will be requested for any external application's attempt to access your protected resources. In fact, you define what sort of credentials in the passport to present to seek entry clearance.
https://techannotation.wordpress.com/2014/04/29/5-minutes-with-spring-oauth-2-0/

The main Spring Security OAuth2 sites below are suggested if you need to drill into specifics; they include the overall Spring forum.
http://projects.spring.io/spring-security-oauth/
http://spring-security-oauth.codehaus.org/oauth2.html
0
 

Author Comment

by:roy_sanu
ID: 40555139
Thanks for the info... One more question I'd like to ask you on the security of web services: do RESTful and SOAP follow the same OAuth-based approach with Spring Security, or will only OAuth for SOAP and RESTful do?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points
ID: 40555743
It will, especially as OAuth is the standard for resource authorisation. You can consider it as:
- OAuth for Authorisation, Message Signing and Encryption
- Spring Security for Authentication
- Spring Security + TLS/SSL for Data in transit via secure channel

To secure a REST-ful webservice, Spring security + OAuth is possible.
E.g. (more on implementation code examples)
https://malalanayake.wordpress.com/2014/06/27/spring-security-on-rest-api/
E.g. (more on another description and flow, note SAML token and OAuth2)
http://blog.cloudfoundry.org/2012/10/09/oauth-rest/

To secure a SOAP web service, WS-Security is commonly used rather than OAuth. For instance, OAuth authenticates based on HTTP headers, using Authorization: bearer <TOKEN> etc., while SOAP web services use WS-Security, which uses XML elements in the SOAP message header for authentication. Spring-WS, which is based on WS-Security, is required and is preferable to using OAuth.
E.g. http://docs.spring.io/spring-ws/site/reference/html/security.html

Having said that, OAuth may still be possible, as in the instance shared below, but it seems there is customisation involved. I'd rather not venture into that, ideally, if possible.
E.g. http://blog.avisi.nl/2012/11/22/consuming-oauth-secured-soap-webservices-using-spring-ws-axiom-signpost/

Overall, Spring Security can secure SOAP and RESTful web services.
0
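
The contrast drawn in the answer above, an OAuth bearer token in the HTTP Authorization header versus WS-Security XML elements in the SOAP message header, shown as an added example (not code from this thread or from Spring). The function names are hypothetical, and the sample headers, token and SOAP message are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces from the SOAP 1.1 and OASIS WS-Security 1.0 specifications.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE}

def bearer_token(headers):
    """REST + OAuth2: the credential travels in the HTTP Authorization header."""
    for name, value in headers.items():
        if name.lower() != "authorization":   # header names are case-insensitive
            continue
        scheme, _, token = value.strip().partition(" ")
        token = token.strip()
        # The scheme is case-insensitive; reject empty or multi-part tokens.
        if scheme.lower() == "bearer" and token and " " not in token:
            return token
    return None

def wsse_username_token(soap_xml):
    """SOAP + WS-Security: the credential travels inside the envelope's Header."""
    # SOAP 1.1 forbids DTDs in messages; refusing them also avoids entity tricks.
    if "<!DOCTYPE" in soap_xml or "<!ENTITY" in soap_xml:
        raise ValueError("DTDs are not allowed in SOAP messages")
    root = ET.fromstring(soap_xml)
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return None
    return (token.findtext("wsse:Username", namespaces=NS),
            token.findtext("wsse:Password", namespaces=NS))

# Constructed sample inputs (not real credentials).
REST_HEADERS = {"Host": "api.example.com", "Authorization": "Bearer abc.def.ghi"}
SOAP_MESSAGE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{WSSE}">
  <soap:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>alice</wsse:Username>
    <wsse:Password>constructed-secret</wsse:Password>
  </wsse:UsernameToken></wsse:Security></soap:Header>
  <soap:Body/>
</soap:Envelope>"""

if __name__ == "__main__":
    print("REST credential:", bearer_token(REST_HEADERS))
    print("SOAP credential:", wsse_username_token(SOAP_MESSAGE))
```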
 

Author Comment

by:roy_sanu
ID: 40556080
There's no blueprint for where I should be. I see myself as a young, good actor who still has a lot to learn. There's nobody at any point in their career who is the finished article. Thanks for all the input. Hope I will cherish this in my small register called memory...

Thank you Dear...
0
 
LVL 64

Expert Comment

by:btan
ID: 40556144
thanks for sharing
0
