Problem description
I am writing a Spring RESTful web services project. I need to write secure web services. For security I am already using Spring Security + SSL; however, now I need some security for encryption and message signing. I know how to encrypt the message from code; however, I am looking for a mechanism to enable automatic encryption/decryption and message signing.
I have been searching for different alternatives for security, including Spring WSS and others, but most of them are for SOAP. Could someone suggest some better security mechanism and a link for the same?
Recommended answer
There are multiple ways to secure your RESTful web services. Unfortunately, there are many links which provide information on securing SOAP web services, but as RESTful is gaining popularity, it is of utmost necessity to find a way to secure and to find a way to manage sessions of your RESTful web service. So to secure my Spring MVC with RESTful support, you need to at least consider three aspects:
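1) Authentication -- Spring Security can be used for authentication.
2) Authorization -- OAuth can be used to authorize requests.
3) Securing the communication -- SSL can be used to secure the communication channel.
4) Encryption -- again, OAuth can serve the purpose.
5) Message signing -- again, OAuth can serve the purpose.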
So, to secure a RESTful web service, Spring Security + OAuth can be used. The other security mechanisms which can be used are HTTP Basic Security and Digest Security.
Here is a very good example of securing a Spring RESTful web service with Spring Security: http://java.dzone.com/articles/securing-restful-web-service
Also, to use Spring Security in conjunction with OAuth, you can follow this tutorial: