问题描述

我正在使用Jersey构建一个Java API。我想使用API​​令牌安全方案来保护敏感的API调用，但我不知道从哪里开始。

I am building a REST API in Java - using Jersey. I want to secure sensitive API calls with an API token security scheme, but I don't have any idea where to start.

是否有一个框架可以执行此操作开箱即用？或者我是否必须实现自己的安全方案？

Is there a framework that will do this for me out of the box? Or do I have to implement my own security scheme?

推荐答案

有几个框架可以执行安全的Java RESTful Web服务。我推荐Apache Shiro（），它是一个非常好用且易于使用的安全框架，允许您实现您提到的API令牌安全方案。看看这个回复：（其中我给出了一些关于创建这样一个解决方案的见解）。

There are several frameworks to do secure Java RESTful web services. I would recommend "Apache Shiro" (http://shiro.apache.org/), it is a very nice and easy to use security framework that will allow you to implement the API token security scheme you mention. Take a look at this response: REST API key generation strategy (where I gave some insights on creating such a solution).

您可以使用其他安全框架，即Java EE支持安全性，Spring也提供安全支持。看看Matt Raible的这个非常好的演示文稿，他展示并演示了这三个框架：

There are other security frameworks you can use, namely Java EE has support for security and also Spring provides support for security. Take a look at this very nice presentation by Matt Raible where he presents and demos these three frameworks: http://www.slideshare.net/mraible/java-web-application-security-denver-jug-2013

避免实施您自己的安全方案（如果您不是该主题的专家......），有许多问题可能被忽视并导致问题...通常这些框架有助于避免这种情况。

Avoid to implement "your own security scheme" (if you are not an expert in the topic...), there are many issues that may be overlooked and lead to problems... normally these frameworks help a lot on avoiding that.

HTH。

这篇关于使用Java保护REST API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！