Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Anirban Sen Chowdhary. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful.

Published byCatherine Atkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "By Anirban Sen Chowdhary. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful."— Presentation transcript:

1 By Anirban Sen Chowdhary

2 We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???

3

4 Yes.. We can.. I will show you this trick.. How ??

5 We can easily secure our REST service using OAUTH 2.0

6 For implementing OAUTH 2.0 in our REST web service we require 3 steps :- Authorisation to obtain a secret code Use that secret code to obtain an access_token Use the access_token to validate and access the web service

7 Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service

8 The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP

9 Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret

10

11 Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login

12 We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button

13 We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token

14

15 Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX8 5YOxNlLFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service

16

17 Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header

18 Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response

19 In my next slide I will bring some other techniques in Mule implementation. Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow

20

Download ppt "By Anirban Sen Chowdhary. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful."

Similar presentations

LiNC Developer Meetup Welcome!. Our job is to make your life easier APIs Tools and workflow Documentation Stay in touch: developers.lithium.com Join the.

LiNC Developer Meetup Welcome!. Our job is to make your life easier APIs Tools and workflow Documentation Stay in touch: developers.lithium.com Join the.
Struts Portlet Copyright © 2000-2006 Liferay, Inc. All Rights Reserved. No material may be reproduced electronically or in print without written permission.

Struts Portlet Copyright © Liferay, Inc. All Rights Reserved. No material may be reproduced electronically or in print without written permission.
Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.

Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
Part 2.  Arrays  Functions  Passing Variables in a URL  Passing variables with forms  Sessions.

Part 2.  Arrays  Functions  Passing Variables in a URL  Passing variables with forms  Sessions.
Prabath Siriwardena | Johann Nallathamby.

Prabath Siriwardena | Johann Nallathamby.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Web Application Security Representation and Management of Data on the Web.

Web Application Security Representation and Management of Data on the Web.
SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.

SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Oracle Financials – APEX Presented by : Ian Drever Chitra Kanakaraj The University of Waikato.

Oracle Financials – APEX Presented by : Ian Drever Chitra Kanakaraj The University of Waikato.
Another Method to Open WebSpace as a Web Folder Alternative Method for Creating Web Folder in WebSpace, Slide 1Copyright © 2004, Jim Schwab, University.

Another Method to Open WebSpace as a Web Folder Alternative Method for Creating Web Folder in WebSpace, Slide 1Copyright © 2004, Jim Schwab, University.
Managing Clients in the IEZ Quote System Objective: Become an expert in managing your clients in the IEZ Quote System.

Managing Clients in the IEZ Quote System Objective: Become an expert in managing your clients in the IEZ Quote System.
Go to the website and highlight the address. Once highlighted, right click the highlight once, and select copy.

Go to the website and highlight the address. Once highlighted, right click the highlight once, and select copy.
Joining an eService Class. Open your browser and go to this website: www.classzone.com/eservices Step 1: Go to website.

Joining an eService Class. Open your browser and go to this website: Step 1: Go to website.
Nic Shulver, Introduction to Sessions in PHP Sessions What is a session? Example Software Software Organisation The login HTML.

Nic Shulver, Introduction to Sessions in PHP Sessions What is a session? Example Software Software Organisation The login HTML.
SQL INJECTIONS Presented By: Eloy Viteri. What is SQL Injection An SQL injection attack is executed when a web page allows users to enter text into a.

SQL INJECTIONS Presented By: Eloy Viteri. What is SQL Injection An SQL injection attack is executed when a web page allows users to enter text into a.
Web Database Programming Week 7 Session Management & Authentication.

Web Database Programming Week 7 Session Management & Authentication.

Similar presentations

Ads by Google