I want to create a Java based REST API and secure it using OAuth.
Are there any recommended how tos or best practices for accomplishing this?
Another question- I want to bind smart GWT components to the REST data source, and I am confused about authentication- how do I ensure that only a user who is logged in, will be able to update/delete/create/insert data using the REST data source?
There are many other ways, but I use Spring and Spring Security. It has lots of different security filters to secure your REST APIs which includes OAuth. The social libraries include a lot of controllers (part of MVC) that are useful "out of the box" OAuth with other sites.
Getting started with Spring Security is easy and should just involve: modifications to the web.xml (adding a "springSecurityFilterChain"), designing a security context with rules and an OAuth security filter. So, searching for something like "Spring Security Tutorial" will walk you through ways to do this.
