How secure Rest-API by token
-
21-12-2019 - |
Question
i use spring data rest 2.1 and would like secure my rest api, what is the best way to secure the api by token. I would have an process like the following steps. Is it also possible to change the base url from / to /api , but my controllers like 'home' would also display the jsp side from /home but not from /api/..
- User go to login site
- User login and get an token from server
- User go to dashboard site and js do ajax call and set HTTP-Header Field 'X_AUTH_TOKEN' with token
Solution
You could configure base URI for you API using RepositoryRestConfiguration
. Something like this:
@Configuration
public static class RepositoryConfig extends
RepositoryRestMvcConfiguration {
@Override
protected void configureRepositoryRestConfiguration(
RepositoryRestConfiguration config) {
try {
config.setBaseUri(new URI("/api"));
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
}
}
You could add security using Spring-Security or if you like a simple custom solution use Spring Interceptor
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow