Securing Spring Data REST APIs

What you'll learn

Would you ever give out your credit card number in reply to a text from an unidentified sender? Yet we do the equivalent whenever we expose REST API functionality without knowing who is making the request.

In this project, you'll reinforce the concepts learned in the Securing Spring Data REST APIs course by securing a real-world REST API. You'll learn:

  • different authentication mechanisms: HTTP Basic, JWT, and Opaque Token
  • several authorization techniques
  • how to enable CORS for ingress and filter functions for egress

Table of contents

Setup
30m
  • Set up your local environment for this project. We'll walk you through everything you need to know, including how to install and configure your environment to be able to complete all of the tasks.
Authenticating Requests to a Spring Data REST API with HTTP Basic
1h 10m
  • In this module, you'll create a REST API that authenticates with a username and password against a database.
Authorizing Requests to a Spring Data REST API with HTTP Basic
50m
  • Now that you can authenticate, in this module, you'll build authorization rules into your REST API. You'll focus on method-based security.
Using CORS and HTTP Basic
20m
  • In this module, you'll configure the REST API to perform a CORS handshake so that it can be used by clients from a different hostname.
Authenticating and Authorizing Requests with JWT
50m
  • In this module, you'll add JWT-based Bearer Token Authentication as a more secure alternative to HTTP Basic.
Authenticating and Authorizing Requests with Opaque Token
50m
  • In this module, you'll change JWTs out for Opaque Tokens for additional security.
Using CORS and Bearer Tokens
20m
  • In this module, you'll create a more secure CORS setup as well as a secure handshake between `Resolutions` and another REST API.

About the author

Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute. Hailing from Salt Lake City, Utah, Josh loves to hike and be in the outdoors when he's not hacking away at some new Java library. He also loves to juggle, especially on every third Saturday in June. Application Security holds a special place in his heart, a place diametrically opposed to and cos... more