Question from java beginner
What is the best solution, protocol or framework to secure the access to some java SOAP/REST web services (tutorials) ?
Anything related to spring-security (tutorials) ?
By securing access, i mean authentication and authorization.
I think you should use OAuth2 framework for authorization, and it has an implementation in spring-security. OAuth2 is widely used by Facebook, google, Linkedin.
as for SOAP API you may wanna check this link
Secure Web Services: REST over HTTPS vs SOAP + WS-Security. Which is better?
I would recomend taking a look at Keycloak, it has been very good for us, allows a lot of customization and it's rather easy to deploy and integrate on any app.
Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, Open ID Connect, JSON Web Token (JWT) and SAML 2.0 specifications. Keycloak has tight integration with a variety of platforms and has a HTTP security proxy service where we don't have tight integration. Options are to deploy it with an existing app server, as a black-box appliance, or as an Openshift cloud service and/or cartridge.
