How secure Rest-API by token

StackOverflow https://stackoverflow.com//questions/25017288

  •  21-12-2019
  •  | 
  •  

Question

i use spring data rest 2.1 and would like secure my rest api, what is the best way to secure the api by token. I would have an process like the following steps. Is it also possible to change the base url from / to /api , but my controllers like 'home' would also display the jsp side from /home but not from /api/..

  1. User go to login site
  2. User login and get an token from server
  3. User go to dashboard site and js do ajax call and set HTTP-Header Field 'X_AUTH_TOKEN' with token
Was it helpful?

Solution

You could configure base URI for you API using RepositoryRestConfiguration. Something like this:

@Configuration
public static class RepositoryConfig extends
        RepositoryRestMvcConfiguration {

    @Override
    protected void configureRepositoryRestConfiguration(
            RepositoryRestConfiguration config) {
        try {
            config.setBaseUri(new URI("/api"));
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }
}

You could add security using Spring-Security or if you like a simple custom solution use Spring Interceptor

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top