How do I set up a web application with OAuth2 authentication, where the web application connects to two underlying REST services (through client-side JavaScript from the user's browser)?
I am controlling all servers, and I need to make sure that nobody accesses the web application and the REST services without authentication.
How should this be done?
Should I configure all three servers (the web application and the two REST services) using a single application id?
BTW:I plan to use IdentityServer4 as the authentication server.
Best regards,
Morten :-)
Related
In a application, we have two web services which interact with each other. Now as these web services are meant for internal processing that should not be exposed to external users. How can we secure these web services in way that user cannot access these two webservice but can access other web services.
I am working on a microservices application that has a webapp backend consuming a RESTful web service endpoint.
I use IntelliJ and I would like to see the traffic (requests, responses, headers, etc.) between the webapp backend (the client) and the web service endpoint.
How is that possible?
Note:
I have tried using the bundled REST Client but it is just meant to issue requests to a web service endpoint.
The chrome console is of no use either because it just monitor the traffic between the SPA and the webapp backend...
My webapp and endpoint are developed in Spring/Java.
I have a web service hosted in a JBoss AS. Add a app running on Google App Engine. Now I want to access my web service hosted in JBoss AS only by my App Engine app and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).
I am trying to write a web service client using Jax-ws for a secured webservice hosted by a third party. While doing so, I am facing a lot of issues and somehow wanted to find out if the issue is with my client or the hosted web service.
Do we have any publicly available and free secure web services on the internet? I can find many non secure services.
Have a look at this URL:
http://www.webservicex.net/ws/wscatlist.aspx
... where you can find a bunch of published webservices.
I exposing EJB3.0 stateless session bean as web service using JAX-WS annotations and right now I'm using JBOSS5.1.0 GA as application server and JBOSSWS is generating the WSDL for me when I deploy the EAR.
Now I want to secure the web services by providing authentication and encryption-decryption on the SOAP messages. How do I can achieve that, Is there any annotations available for both in JAX-WS (or) can I achieve by doing any configuration at EJB level. I do not want to do secure web services with respect to JBOSS, because I want to deploy the same EAR in different application as well.
So please help me to build the generic EJB3.0 web services bean with the security implementation ., Thanks a lot in advance
Concerning SOAP WebServices, you can a lot of posts in this forum related to your question. In particular in User authenticate in SOAP I've mentioned that there several ways to authenticate the client.
Supposing that you want to authenticate the client by X.509 certificate. Then:
For JBossWS refer WS-SecurityOptions – X509 Certificate Token
For Metro/JAX-WS services refer Using JAX-WS-Based Web Services with SSL
For Apache CXF refer WS-Security
For Spring Security refer Spring Security With X.509 Certificate