jinal

Reputation: 81

Securing Spring MVC REST API using SiteMinder

I have written a REST web service in Java using Spring MVC. As this service is stateless, how can I secure it using SiteMinder? For login authentication, we are using SiteMinder at the frontend.

Upvotes: 3

Views: 634

Answers (1)

Richard Sand

Reputation: 674

You can protect the web services URLs with CA SSO (aka SiteMinder) the same way you protect the user-facing parts of your website. Just create realms/rules/policies for the URLs. But there are some caveats/tricks:

  1. Include the SM session cookie in the client request
  2. Remember if the cookie is flagged HttpOnly, it won't work
  3. Use BASIC authentication for the realms - this way, your clients will receive a 401 if they aren't authenticated/authorized
  4. Also be wary of CORS restrictions if your web services aren't on the same hostname as the main page(s) of your app

HTH!

Upvotes: 2
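
Added example (not part of the answer above or of any SiteMinder or Spring code): a browser-side call that applies the answer's points about sending the session cookie, handling the 401 from a BASIC realm, and calling a web service on a different hostname. The hostnames, paths, result names and the JSON-only assumption are constructed for illustration.

```javascript
// Added example; hostnames and paths are constructed placeholders.

// Pick the cookie policy for the call. pageOrigin is the origin of the page making it.
function requestOptions(apiUrl, pageOrigin) {
  const crossOrigin =
    new URL(apiUrl, pageOrigin).origin !== new URL(pageOrigin).origin;
  return {
    method: 'GET',
    headers: { Accept: 'application/json' },
    // Cross-origin requests carry cookies only with 'include'. The API host must
    // then reply with Access-Control-Allow-Credentials: true and name the page's
    // origin in Access-Control-Allow-Origin (a wildcard is rejected by browsers).
    credentials: crossOrigin ? 'include' : 'same-origin',
  };
}

// Call the protected endpoint and turn each outcome into an explicit result.
// fetchImpl is injectable so the logic can be exercised without a browser.
async function callProtectedApi(apiUrl, pageOrigin, fetchImpl = fetch) {
  const target = new URL(apiUrl, pageOrigin).href;
  let res;
  try {
    res = await fetchImpl(target, requestOptions(apiUrl, pageOrigin));
  } catch (err) {
    // fetch rejects on network failure and when the browser blocks the
    // response for failing the CORS check.
    return { ok: false, reason: 'network-or-cors', detail: err.message };
  }
  // With a BASIC realm, as the answer suggests, a caller that is not
  // authenticated/authorized gets a 401 instead of a page.
  if (res.status === 401) return { ok: false, reason: 'session-rejected' };
  if (!res.ok) return { ok: false, reason: 'http-' + res.status };
  // Assumption: this API always returns JSON. Anything else (for example an
  // HTML login page served after a redirect) is treated as a failure.
  const type = res.headers.get('content-type') || '';
  if (!type.includes('application/json')) {
    return { ok: false, reason: 'unexpected-content', detail: type };
  }
  return { ok: true, data: await res.json() };
}
```

The session cookie is only attached cross-origin when its domain scope covers the web service hostname as well as the page's.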
