Jan 1st, 2012, 07:54 AM
Secure REST Web service + trust client
could you provide a simple example to secure a REST Web Service with Spring Security and OAuth 2.0 ?
In fact, i have look at the samples in the github repository but i am not sure to have understood if i need everything in the sparkl and tonr configurations.
My need is that i have a web site which has to access the REST WS. It is a kind of 2 legged oauth but for oAuth 2.0. I don't need 3-legged oauth, because the user has no login on the REST WS application. I want my website to have direct access to the REST ws (trust client). I want to do only Client Credentials Flow for this case.
My REST WS and my Web site client are both done with Spring MVC.
Could you please provide a simple example of applicationContext.xml for the provider and client with Spring Security and oAuth 2.0, as i have some difficulties with the current documentation ?
Thanks you, your help would be very appreciated.
Jan 2nd, 2012, 03:48 AM
I'm not sure you really need OAuth to do a simple client app authentication - a shared secret and HTTP basic auth will work. But if you do want to use client credentials and OAuth2 you need an Authorization Server to issue the tokens as well as your client and the Resource Server (REST WS). In the case of the sample sparklr2 plays both roles, and supports client credentials, so you could just copy that, and leave out anything that is not specifically client credentials related. Everything you need is supported through the XML namespace and is exposed as an example in sparklr2, unless I am missing something.
Tags for this Thread