Securing a REST API in Java

java api security rest jersey
10,607

Solution 1

There are several frameworks to do secure Java RESTful web services. I would recommend "Apache Shiro" (http://shiro.apache.org/), it is a very nice and easy to use security framework that will allow you to implement the API token security scheme you mention. Take a look at this response: REST API key generation strategy (where I gave some insights on creating such a solution).

There are other security frameworks you can use, namely Java EE has support for security and also Spring provides support for security. Take a look at this very nice presentation by Matt Raible where he presents and demos these three frameworks: http://www.slideshare.net/mraible/java-web-application-security-denver-jug-2013

Avoid to implement "your own security scheme" (if you are not an expert in the topic...), there are many issues that may be overlooked and lead to problems... normally these frameworks help a lot on avoiding that.

HTH.

Solution 2

You can take a look at OAuth. Its widely adopted and there are libraries that help you implement the protocol

Share:
10,607
jcm
Author by

jcm

Updated on June 09, 2022

Comments

  • jcm
    jcm almost 2 years

    I am building a REST API in Java - using Jersey. I want to secure sensitive API calls with an API token security scheme, but I don't have any idea where to start.

    Is there a framework that will do this for me out of the box? Or do I have to implement my own security scheme?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Jersey: what does "couldn't find grammar element" mean?
JAX-RS 2.0 Filter parameters via @NameBinding annotation
Selecting multiple files and uploading them using Jersey
NoSuchFieldError: INCLUDE_ALL (Web Service)
REST API - GET Method with input parameter as JAVA Object in body
Getting Insufficient scope for this resource using Spring Boot and OAuth2
Is it possible in Jersey to have access to an injected HttpServletRequest, instead of to a proxy
HTTPstatus 500 in deploying Jersey based Restful service project
REST-API Different Content-Type on Error Response
How can I put a cookie in Jersey RESTful webservice?