Questions tagged [restful-authentication]

Questions about authentication for RESTful services.

Services designed using REpresentational State Transfer architecture must often authenticate clients. How best to do this can be a complex topic, as in true REST each client request to the server will contain all the information necessary to complete it (including authentication).

1447 questions
10
votes
2 answers

Authentication without Role in web.xml in JBoss AS 7

For a RESTful enterprise application I need all calls to be authenticated, but I cannot provide a common group/role that all users of the system have. I authenticate and authorize over LDAP (which should not make a difference for this issue). If I…
Frank
10
votes
3 answers

Call to a member function createToken() on null?

When I used the passport package, I encountered this error: Call to a member function createToken() on null. Why do I get this error? This is my code: $users = Users::where('Email' , $username) ->where( 'Password' , $password) …
reza baghiee
10
votes
2 answers

Combining Flask-restless, Flask-security and regular Python requests

My goal is to provide a REST API to my web application. Using: Python 2.7.5 Flask==0.10.1 Flask-Restless==0.13.1 Flask-Security==1.7.3 I need to secure access to my data for both web and REST access. However, I am unable to get any regular python…
Nic
10
votes
3 answers

Inadvertent Session Hijacking Issue With Restful Authentication

I'm using the current version of restful_authentication that is found on github and I'm having a bunch of strange session issues. The server seems to be somehow assigning sessions to users it shouldn't be. This only happens when crossing the logged…
Jared
10
votes
2 answers

web.xml, using form and basic authentication simultaneously

I have set up FORM authentication within web.xml (Java web container) successfully. I did not find a way to send the username/password within the GET request of the RESTful URI from my client when using FORM authentication. So I have to use…
nimo23
10
votes
1 answer

RESTful-Authentication or Authlogic?

I'm having trouble deciding between the two. They both seem like great plugins but I'd like to know which is easier to control. What are you guys' experiences with these plugins? Which would you recommend?
9
votes
1 answer

Recommended configuration for both web client and mobile REST api security

I realize there are a ton of questions on this subject, and I have been researching this for a couple days now. I want to make sure my question is as specific as possible since I have yet to gain a full understanding of the best approach. Currently…
jdi
9
votes
1 answer

Rails 3 RESTful Authentication - uninitialized constant ApplicationController::AuthenticatedSystem

Just installed the upgraded restful_authentication plugin for Rails 3 from https://github.com/Satish/restful-authentication. I'm trying to include code from the plugin in my application helper as follows: class ApplicationController <…
Richard Stokes
9
votes
3 answers

Am I designing this WCF RESTful interface correctly?

I am creating a WCF webservice with WCF Authentication Service and the first set of functions I need is to manage an inbox for a client. The client will be determined by the authentication. This is my attempt at a RESTful design of the…
Jason
9
votes
1 answer

Java Restful Web Services (jax rs) authentication pattern

I have started using JAX-RS to create a simple RESTful interface to my web application. Currently, it is only being used (read only) by one internal client which has access to all application data, and I am using HTTP basic authentication for…
9
votes
1 answer

JWT strings must contain exactly 2 period characters. Found: 0

I have this class that uses JSON Web Token Support For The JVM to create and validate JWT tokens @Component public class JwtTokenUtil implements Serializable { private static final long serialVersionUID = -3301605592208950415L; private…
Nuñito Calzada
9
votes
1 answer

Implementing JWT Authentication on Spring Boot APIs

I have a SpringBoot 2.0.2.RELEASE web application, with this config file: @Override protected void configure(HttpSecurity http) throws Exception { final List activeProfiles = Arrays.asList(env.getActiveProfiles()); if…
Nuñito Calzada
9
votes
2 answers

How to do Rest Authentication with JAX-RS

I am looking for some pointers on how to secure my rest root resource @Path("/employee") public class EmployeeResource { @GET @Produces("text/html") public String get( @QueryParam("name") String empname, …
BinCode
9
votes
1 answer

JSON API REST endpoint with permissions-restricted fields

JSON API REST endpoint with permissions-restricted fields I am working on a JSON API-compliant REST api. Some endpoints contain fields that should be restricted (read-only or not available) for certain users. What is the best way to architect the…
9
votes
1 answer

Securing REST endpoint using spring security

I am trying to provide security to the REST endpoints. I am following instructions from this page. In my case I don't have a view, hence I haven't created a controller to specify the views and haven't added a viewResolver in my AppConfig.java. After…