Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
We want to use WSO2 AM or IS for authentication and authorization.
We have below main requirements.
WSO2 should be able to Authenticate user
We want to configure API access level in WSO2 example: ROLE based
Authorization (or Policy based ) where we can configure who can
access which web API with Http verb. (In the WSO2 API management,
each user have to subscribe the publish api but I do not want to give
the subscription process for the user)
We should be able dynamically to add/update/delete users, update
Authorization policies/ roles through WSO2 API.
A user can generate a token by rest call and they can access all
application without subscribing Any api.
All these features are available out of the box in WSO2 API Manager. Please go through the following document.
https://docs.wso2.com/display/AM260/Quick+Start+Guide
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
This question is not about what use to securing the microservices like Oauth2 or JWT, but what is better strategy for deal it with it.
What should we choose? Please, if has another tip will be welcome!
An authentication and authorization service (AuthService) isolated out of microservices:
Microservice must call AuthService before process the request. (like a Middleware)
Microservice has to do its own authentication and authorization.
The AuthService always recieves the calls and do the transference for microservice (like a Gateway)
Implement a Backend For Frontend (BFF) and itself do it auth and calls for the others microservices.
This last one, some friend have talked about to me buuut... On case that you have to scaling 1 or 2 microservices, you have to scaling vertically the BFF too. That's a weird to me.
Normally authentication and authorization is at microservice level. But authentication service/database should be outside and internal to microservice, enable cache to minimise calls to Auth service and to minimise API latency.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I am a beginner in spring boot api . Currently I am through the videos and practicing the programming.
I am developing the application locally using intellij and ultimately aim to deploy to either Google cloud or AWS.
If I want to secure the api using oauth2 then is there any additional cost I need to consider like for eg., authorization server . What all I need to consider like cost, server, platform to deploy etc roughly before I start implementing REST api?any examples to guide for a beginner?
To secure your REST API, we will have to do the following things:
1- Configure Spring Security and the database.
2- Configure the authorization server and resource server.(you need to Create an Authorization Server)
3- Get an access token and a refresh token.
4- Get a protected Resource (REST API) using an access token.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have REST endpoint that provide authentication and authorization service. This endpoint use Spring Security and OAuth2. In Other side i have an other webApp for UI that consume REST service. I want to use Spring Security in UI webApp that use REST Service for get token and roles. How can I do it? Is there any AuthenticationProvider for this or I must implement custom class?
You need to make your Rest Service an OAuth2 resource server. If you need to transport Roles and other info in your token, I suggest using JSON Web Token (JWT). Take a look at this tutorial which has full source on GitHub
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I need to create vm's in google compute engine. Through google OAuth playground i can create VM, using REST service calls. Same thing i want to do using JAVA as a normal program. For this i have endpoint and request payload. I am not able to understand how we can do OAuth using java. If i pass my gmail credentials in headers Authorization, it is giving like HTTP HTTP Basic Authentication is not supported for this API. Kindly suggest me how i can call those REST endpoint. Please send me step by steps or any sites.
Use the google-api-client library for Java
Use a service
account to authenticate
Never use your username/password in API calls or code !
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm trying to develope a project in java where I'll have 3 different applications running on 3 different servers profiles(IBM WebSphere sevrer).
Application details...
1. Service app1 & Service App2.... When come one sends request to access resources of this app it will first check wherther user is a authorise user or not if no redirect for authentication or if authorise allow him to access the resource.
2. IdV App... this will aithorise the user by asking for user details and if authorize successfully assign saml token to user and redirect to the app from which it got request to authorize the user.
Note : I have searched a lot over internet and gone through the web service guide given by ibm guys also but I didn't found any concreate solution guiding the the way to implement this scenarion.
Guys Please suggest concreate solutions.
Please write proper comment if you are making negative comment.
After a lot of gooogle finally I found this website which will help step by step that how to setup SAML.
http://wiki.servicenow.com/index.php?title=SAML_2.0_Web_Browser_SSO_Profile