What you'll learn
Would you ever give out your credit card number in reply to a text from an unidentified sender? Yet we do the equivalent whenever we expose REST API functionality without knowing who is making the request.
In this project, you'll reinforce the concepts learned in the Securing Spring Data REST APIs course by securing a real-world REST API. You'll learn:
- different authentication mechanisms: HTTP Basic, JWT, and Opaque Token
- several authorization techniques
- how to enable CORS for ingress and filter functions for egress
Table of contents
- Set up your local environment for this project. We'll walk you through everything you need to know, including how to install and configure your environment to be able to complete all of the tasks.
- In this module, you'll create a REST API that authenticates with a username and password against a database.
- Now that you can authenticate, in this module, you'll build authorization rules into your REST API. You'll focus on method-based security.
- In this module, you'll configure the REST API to perform a CORS handshake so that it can be used by clients from a different hostname.
- In this module, you'll add JWT-based Bearer Token Authentication as a more secure alternative to HTTP Basic.
- In this module, you'll replace JWTs with Opaque Tokens for additional security.
- In this module, you'll create a more secure CORS setup as well as a secure handshake between `Resolutions` and another REST API.