By Anirban Sen Chowdhary
We often need to secure our web services, especially those exposed to the external world. What about securing a RESTful web service?

Yes, we can. I will show you how.

We can secure our REST service using OAuth 2.0.

Implementing OAuth 2.0 for our REST web service takes three steps (this is the OAuth 2.0 authorization code grant):
1. Authorize, to obtain an authorization code (called the "secret code" in these slides)
2. Exchange that code for an access_token
3. Present the access_token to the web service, which validates it before granting access

Suppose we have the following Mule flow (the flow diagram from the slide). Here is our web service, which will be secured with OAuth 2.0. You can see that the OAuth 2.0 component is placed between the HTTP inbound endpoint and the CXF component: it validates the access_token and only then lets the request through to the web service.

The corresponding Mule flow is as follows. Here you can see the OAuth 2.0 component validating the access_token that arrives over HTTP.

Here you can see that we have configured Spring Security with a username and password; these are the resource owner's login credentials, used at the authorization step to obtain the authorization code. In the oauth2 provider config we have also registered the client id and client secret. (In a real deployment the user credentials and the client secret would come from a credential store rather than being hard-coded in the Mule config.)

Now the first step. Step 1: authorize to obtain the authorization code. We put the following URL (the authorization endpoint) in the browser; only the tail of the URL is shown here: c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri= You can see we are passing the client_id, the requested scope (READ_BOOKSHELF) and the redirect_uri in the URL, and we get the login page shown. Note that the client secret is not sent at this step; only the client_id identifies the client to the authorization endpoint.

We provide the username and password configured in Spring Security in the Mule config (username john, password doe in our case), then click Login and then Authorize.

The authorization server redirects the browser to the redirect_uri with the authorization code (the "secret code") in the URL, as shown. We will use that code to obtain an access_token. An authorization code is meant to be short-lived and redeemable only once.

Now the second step. Step 2: exchange the authorization code for an access_token. We include the code in the token-endpoint URL as follows (again only the tail of the URL is shown): c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20-96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX85YOxNlLFTg&redirect_uri= The request carries the client_id, the client_secret, the code from step 1 and the same redirect_uri used in step 1. Now you can see we got the access_token in the browser, and this access_token will be used to access our web service. Doing this exchange from the browser address bar is fine for a demo, but it puts the client_secret and the code into the browser history and the server's access logs; in a real client this call is a server-to-server POST to the token endpoint over HTTPS, made by the client's back end, never by the user's browser.

Now the third step. Step 3: use the access_token to access the web service. The access_token must be passed as a request header when calling the web service, as follows. You can see we are using a REST client to test the web service, passing the access_token in the header (the standard form, per RFC 6750, is Authorization: Bearer followed by the token).

Now you can see that when we hit the web service from the REST client with a valid access_token in the header, the secured service returns its response. Without the token, or with an invalid or expired one, the OAuth 2.0 component rejects the request before it reaches the CXF service.
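Here is the whole three-step procedure (steps 1 to 3 above) as an added worked example, written for this page rather than taken from the slides or from Mule's OAuth2 provider module. It simulates the authorization server, the token endpoint and the resource-server validation in one Python process so it runs offline. The client id bookshelf-client, the client secret s3cret, the redirect URI, the time-to-live values and the bookshelf payload are assumed values; the user john/doe is the one from the slides. Beyond what the slides show, it also enforces the checks the OAuth 2.0 component is relied upon for: the redirect_uri must match the registration, the code is single-use and short-lived, the client secret is verified before the code is redeemed, and the bearer token is checked for expiry and scope.

```python
# Added example (not from the original slides or from Mule): an in-memory
# simulation of the OAuth 2.0 authorization code flow. All identifiers below
# are constructed for the example except the user john/doe from the slides.
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlparse

REDIRECT_URI = "http://localhost:8082/callback"   # assumed registered redirect URI
CLIENTS = {                                        # constructed client registry
    "bookshelf-client": {"secret": "s3cret", "redirect_uri": REDIRECT_URI,
                         "scopes": {"READ_BOOKSHELF"}},
}
USERS = {"john": "doe"}                            # resource-owner credentials (from the slides)
CODE_TTL, TOKEN_TTL = 60, 3600                     # seconds; codes must be short-lived


class OAuthError(Exception):
    """Carries the RFC 6749 / RFC 6750 error code the server would return."""


class OAuthProvider:
    def __init__(self):
        self.codes = {}    # code  -> (client_id, redirect_uri, scope, expires_at)
        self.tokens = {}   # token -> (client_id, scope, expires_at)

    def authorize(self, client_id, redirect_uri, scope, username, password):
        """Step 1: the resource owner logs in and consents; the server issues a
        single-use authorization code on the registered redirect URI."""
        client = CLIENTS.get(client_id)
        if client is None or redirect_uri != client["redirect_uri"]:
            raise OAuthError("invalid_request")       # redirect_uri must match registration
        if scope not in client["scopes"]:
            raise OAuthError("invalid_scope")
        if not hmac.compare_digest(USERS.get(username, ""), password):
            raise OAuthError("access_denied")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, scope, time.time() + CODE_TTL)
        return f"{redirect_uri}?code={code}"          # where the browser is redirected

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 2: the confidential client redeems the code with its secret.
        In a real deployment this is a server-side POST to the token endpoint
        over HTTPS, not a URL typed into a browser."""
        client = CLIENTS.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise OAuthError("invalid_client")        # checked before the code is consumed
        entry = self.codes.pop(code, None)            # pop: a code is redeemable exactly once
        if entry is None:
            raise OAuthError("invalid_grant")
        code_client, code_redirect, scope, expires_at = entry
        if code_client != client_id or code_redirect != redirect_uri or time.time() > expires_at:
            raise OAuthError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, scope, time.time() + TOKEN_TTL)
        return {"access_token": token, "token_type": "Bearer",
                "expires_in": TOKEN_TTL, "scope": scope}

    def validate(self, headers, required_scope):
        """Step 3: the resource server checks the bearer token (RFC 6750 header
        form) before the request reaches the protected service; returns the client id."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            raise OAuthError("invalid_request")
        entry = self.tokens.get(token)
        if entry is None or time.time() > entry[2]:
            raise OAuthError("invalid_token")
        if entry[1] != required_scope:
            raise OAuthError("insufficient_scope")
        return entry[0]


def code_from_redirect(redirect_url):
    """Pull the authorization code out of the redirect URL, as the client would."""
    return parse_qs(urlparse(redirect_url).query)["code"][0]


def bookshelf_service(provider, headers):
    """The protected REST resource: validate first, then serve (constructed payload)."""
    client_id = provider.validate(headers, "READ_BOOKSHELF")
    return {"client": client_id, "books": ["Mule in Action", "OAuth 2 in Action"]}


def run_flow(provider):
    """Runs the three steps end to end and returns the service response."""
    redirect = provider.authorize("bookshelf-client", REDIRECT_URI, "READ_BOOKSHELF", "john", "doe")
    code = code_from_redirect(redirect)
    grant = provider.token("bookshelf-client", "s3cret", code, REDIRECT_URI)
    return bookshelf_service(provider, {"Authorization": f"Bearer {grant['access_token']}"})


if __name__ == "__main__":
    print(run_flow(OAuthProvider()))
```

Run it directly to see the bookshelf response. The point to take from the structure is that token() is what the confidential client calls from its own back end with its secret; the slides perform that call from the browser address bar for demonstration, which is why the client_secret appears in the URL there. A replayed code, a wrong client secret, a missing Authorization header or a token issued for a different scope each fail with the corresponding OAuth error before the service code runs.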

In my next slides I will show some other techniques for Mule implementations. Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow.