Reputation: 541
Hi!
I have made a basic user authentication with Spring Boot's Spring Security. I am adding some default users at the start of the application, but I also have to implement a way of creating a new user at runtime. So, I want to create a new RestController call to add a new user to Spring Security.
To be clear, I think I have everything figured out, except for the part when I actually send request parameters in a call.
So, my question is:
What is the best/safest way to send a password in a REST API call when creating a new user?
I guess using a @PathVariable is not very safe, as the URL calls can be intercepted easily:

    @RequestMapping(value = "add/{login}/{password}", method = PUT)
    public User add(@PathVariable("login") String login,
                    @PathVariable("password") String password) {
        return us.addUser(login, password);
    }

The same for @RequestParam:

    @RequestMapping(value = "add", method = PUT)
    public User add(@RequestParam(value = "login") String login,
                    @RequestParam(value = "password") String password) {
        return us.addUser(login, password);
    }

Maybe sending them in headers?
Anyhow, this is the first time I do something like this and could really use some advice on what the common practice is in these situations. Cheers!
Upvotes: 4
Views: 3276
Reputation: 1241
Firstly, you should use the POST method instead of PUT, because PUT is an idempotent method.
The safest way to send a password is using @RequestBody. You can use the method like this:

    @RequestMapping(value = "add", method = POST)
    public User add(@RequestBody User user) {
        return us.addUser(user);
    }

The request will look something like this:

    {"username" : "user", "password" : "encoded_password"}

Upvotes: 2
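A fuller version of the request-body approach from the answer above, written as an added example that is not part of the original posts. It keeps the password out of the URL, refuses to echo it back in the JSON response, and hashes it before it reaches the service. The `NewUser` class, the `UserService` interface, the `/users` path and the injected `PasswordEncoder` bean are assumptions, since the page does not show the real `User` or `us` types.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical request/response type; the page's own User class is not shown.
class NewUser {
    private String username;

    // WRITE_ONLY: read from the JSON request body, never serialized into a response.
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String password;

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}

// Hypothetical stand-in for the `us` service used in the question.
interface UserService {
    NewUser addUser(String username, String passwordHash);
}

@RestController
@RequestMapping("/users")
class UserController {
    private final UserService us;
    private final PasswordEncoder encoder; // assumed bean, e.g. BCryptPasswordEncoder

    UserController(UserService us, PasswordEncoder encoder) {
        this.us = us;
        this.encoder = encoder;
    }

    // Credentials arrive in the JSON body, so they stay out of the request line
    // and therefore out of access logs, proxy logs and browser history.
    @PostMapping(consumes = "application/json")
    @ResponseStatus(HttpStatus.CREATED)
    public NewUser add(@RequestBody NewUser body) {
        if (body.getUsername() == null || body.getUsername().isBlank()
                || body.getPassword() == null || body.getPassword().isEmpty()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "username and password are required");
        }
        // Only the hash is handed on for storage; the plaintext stays in this method.
        return us.addUser(body.getUsername(), encoder.encode(body.getPassword()));
    }
}
```

The body is only protected in transit when the endpoint is served over HTTPS; moving the password out of the URL addresses logging and history exposure, not interception on a plaintext connection.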