I have written a REST web service in Java using Spring MVC. As this service is stateless, how can I secure it using SiteMinder? For login authentication, we are using SiteMinder at the frontend.
1 Answer
You can protect the web services URLs with CA SSO (aka SiteMinder) the same way you protect the user-facing parts of your website. Just create realms/rules/policies for the URLs. But there are some caveats/tricks:
- Include the SM session cookie in the client request
- Remember if the cookie is flagged HttpOnly, it won't work
- Use BASIC authentication for the realms - this way, your clients will receive a 401 if they aren't authenticated/authorized
- Also be wary of CORS restrictions if your web services aren't on the same hostname as the main page(s) of your app
HTH!

Richard Sand
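A browser-side sketch of the points in the answer above, as an added example that is not part of the original answer: it asks the browser to attach cookies (the SM session cookie among them) when the service is on another hostname, and treats a 401 as "no valid session". The hostnames and the function names `buildRequest`, `classifyResponse` and `callProtected` are assumptions made for illustration.

```javascript
// Added example; hostnames and function names are constructed for illustration.

// Build fetch() options for a call to a REST URL protected by the SSO agent.
function buildRequest(apiUrl, pageOrigin) {
  const target = new URL(apiUrl, pageOrigin);
  if (target.protocol !== "https:") {
    // The session cookie is a bearer credential: keep it off plain HTTP.
    throw new Error("refusing to call " + target.href + " without TLS");
  }
  const crossOrigin = target.origin !== new URL(pageOrigin).origin;
  return {
    url: target.href,
    init: {
      method: "GET",
      headers: { Accept: "application/json" },
      // "include" asks the browser to attach cookies on a cross-origin call.
      // The service must then reply with the caller's exact origin in
      // Access-Control-Allow-Origin (not "*") and
      // Access-Control-Allow-Credentials: true, or the browser hides the response.
      credentials: crossOrigin ? "include" : "same-origin",
      // Assumption: a realm not using BASIC may redirect to a login page;
      // surface that instead of following it and parsing HTML as JSON.
      redirect: "manual",
    },
  };
}

// Map the HTTP result to what the UI should do next.
function classifyResponse(res) {
  if (res.type === "opaqueredirect" || (res.status >= 300 && res.status < 400)) {
    return "redirected";
  }
  if (res.status === 401) return "unauthenticated"; // the 401 the answer describes
  if (res.status === 403) return "forbidden";
  if (res.status >= 200 && res.status < 300) return "ok";
  return "error";
}

// fetchImpl is injectable so the logic can be exercised without a network.
async function callProtected(apiUrl, pageOrigin, fetchImpl = fetch) {
  const { url, init } = buildRequest(apiUrl, pageOrigin);
  const res = await fetchImpl(url, init);
  const outcome = classifyResponse(res);
  return { outcome, data: outcome === "ok" ? await res.json() : null };
}
```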