spring security and Oauth

What is reasons to integrate spring-security with Oauth2.0. But spring-security can do the same activity like authentication and authorisation as Oauth2 . let me know the reason for this. Oauth2.0 can be a separate entity from spring security but is they work same kind of activity or different?
roy_sanuAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
In short, OAuth is to reinforce check that only the assigned user access to your protected resources with the right permission level. This article is a good more depth on this portion as it include the workflow in getting a "passport" which will be requested in order for any external application access attempts to your protected resources. In fact, you define what sort of credentials in the passport to present to seek entry clearance.
https://techannotation.wordpress.com/2014/04/29/5-minutes-with-spring-oauth-2-0/

The main Spring-security Oauth2 sites below are suggested if needed to drill into specifics and include their overall spring forum
http://projects.spring.io/spring-security-oauth/
http://spring-security-oauth.codehaus.org/oauth2.html
0
 
roy_sanuAuthor Commented:
,thanks for the info... One more question like to ask you on secuirty of  web services, do restful and soap follow the same OAuth based with spring security or only OAuth  for soap and Restful will do........
0
 
btanConnect With a Mentor Exec ConsultantCommented:
It will, especially the OAuth is standard for resource authorisation. You can consider it as:
- OAuth for Authorisation, Message Signing and Encryption
- Spring Security for Authentication
- Spring Security + TLS/SSL for Data in transit via secure channel

To secure a REST-ful webservice, Spring security + OAuth is possible.
E.g. (more on implementation code examples)
https://malalanayake.wordpress.com/2014/06/27/spring-security-on-rest-api/
E.g. (more on another description and flow, note SAML token and OAuth2)
http://blog.cloudfoundry.org/2012/10/09/oauth-rest/

To secure SOAP webservice, WS-Security is commonly used rather than OAuth. One instance is that OAuth makes authentication based on HTTP headers using Authorization: bearer <TOKEN> etc while SOAP web services use WS-Security which uses XML elements on the SOAP message header for authentication. There is Spring-WS which is based on WS-Security is required and more preferable instead of using OAuth.
E.g. http://docs.spring.io/spring-ws/site/reference/html/security.html

Having said that, OAuth may be still possible as shared below instance but it seems there are customisation. I rather not venture with that ideally if possible.
E.g. http://blog.avisi.nl/2012/11/22/consuming-oauth-secured-soap-webservices-using-spring-ws-axiom-signpost/

Overall Spring security can secure SOAP and REST-ful webservices
0
 
roy_sanuAuthor Commented:
There's no blueprint for where I should be. I see myself as a young, good actor who still has a lot to learn. There's nobody at any point in their career who is the finished article. Thanks for all the input, Hope i will cherish this on my
small register called memory...

Thank you Dear...
0
 
btanExec ConsultantCommented:
thanks for sharing
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.