restful-authentication

Why isn't RSA signing usually used in RESTful apis?

眉间皱痕 posted on 2020-01-23 07:35:14
Question: I develop a simple app that doesn't use (at least, at first) any third-party authorization. I want to create a RESTful API to be used by iOS/Android/whatever clients, so I've read a bunch of information about implementation of RESTful APIs. However, the usual ways of implementing them involve sending some sort of secure "token" that is used to sign the requests; this leaves the API vulnerable to a man-in-the-middle attack, and the recommended way to counter it is to use HTTPS. However, reading all

JAX-RS Rest Filter does not invoke

社会主义新天地 posted on 2020-01-16 19:59:53
Question: I have an API that needs to implement security. But the filter is not invoked. My call passes directly to the endpoint... My Secure interface @NameBinding @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE,ElementType.METHOD}) public @interface Seguro {} My Filter @Seguro @Provider @Priority(Priorities.AUTHENTICATION) public class FiltroAutenticacao implements ContainerRequestFilter { @Override public void filter(ContainerRequestContext requestContext) throws IOException { String

What is the correct flow when using oAuth with the Resource Owners Passwords Credentials Grant

本秂侑毒 posted on 2020-01-16 19:31:06
Question: I am looking to build a client to my RESTful hypermedia based API and after reviewing many options am leaning towards oAuth* to become the de facto method for authorizing access to the API. I think I am understanding the overall oauth concepts, i.e. depending on the client (trusted or not) the spec provides several flows in order to "trust" the client (application) from the perspective of the resource owner (user) granting access to the client. Because the application I am building is

What is an efficient way to create/manage RESTful API with grails?

不问归期 posted on 2020-01-13 03:11:32
Question: I've built my first grails application. My URL mappings are what the default application provides: static mappings = { "/$controller/$action?/$id?"{ constraints { // apply constraints here } } "/"(view:"/index") "500"(view:'/error') } Scenario: I have a controller called ColorController with actions save and list. It simply does something like this: def save () { def colorInstance = new Color(params) colorInstance.save(flush: true) } def list () { [colorList: Color.list, colorTotal: Color

App Engine Login Redirect Fails

不羁岁月 posted on 2020-01-05 09:03:59
Question: On March 1, 2011 App Engine changed its login flow, breaking my app (see the Google Groups message). This issue also came up in this Stack Overflow question. The suggested answers are "have the app perform the redirect. That is, createLoginUrl only works when the continue url is a url for the app. If you need the user to be sent to another app/host after login, then your app needs to do that redirect" and "set up a redirect handler on your own app. Make that the target of the continue

App Engine Login Redirect Fails

限于喜欢 posted on 2020-01-05 09:03:03
Question: On March 1, 2011 App Engine changed its login flow, breaking my app (see the Google Groups message). This issue also came up in this Stack Overflow question. The suggested answers are "have the app perform the redirect. That is, createLoginUrl only works when the continue url is a url for the app. If you need the user to be sent to another app/host after login, then your app needs to do that redirect" and "set up a redirect handler on your own app. Make that the target of the continue

REST API for yii2, the authenticator (HttpBearerAuth) is not working on server

試著忘記壹切 posted on 2020-01-04 02:12:11
Question: I've just created a project for working with REST API (using yii2 framework). All issues of REST API are working really cool on localhost. But when bringing the project on server (also the same database is taken by), the authorization is not available. Now I'm using "yii\filters\auth\HttpBearerAuth". Inside the model "implements IdentityInterface", there's a finding-token function "findIdentityByAccessToken" that's so simple, the "validateAuthKey" function is returning always true; see below:

Codeigniter auth key for REST service

大兔子大兔子 posted on 2020-01-01 08:27:17
Question: I'm writing a simple RESTful service, using Phil Sturgeon Rest Server. I want to protect my methods by using the API key provided with this library. Unfortunately, this is not very well documented and I'm a bit lost. I want to authenticate users (email/password), then generate an auth key to send on every other request. But it seems that I already need the auth key to generate one ... Creating a dummy key does not seem very secure. Sorry if it is a dumb question, but what should be the best

Authenticating to VisualStudioOnline REST API with Personal Access Token using Python 3.6

ぃ、小莉子 posted on 2019-12-31 03:08:11
Question: I am trying to use the VisualStudioOnline REST API using python 3.6. (Plenty of examples using python 2.x.) The python script response is the generic html login page. I have tested the url generated by this script using REST Console Chrome plug-in and it worked fine using my personal access token. import json import base64 import urllib.request personal_access_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" headers = {} headers['Content-type'] = "application/json" headers[

User authentication for mobile clients in RESTful WCF 4 service

那年仲夏 posted on 2019-12-30 05:14:09
Question: I'm trying to develop a web service to be consumed by mobile clients (iOS clients, for now), I read that RESTful services are much more lightweight than SOAP services, so I'd like to try my hand at this. Most methods will require authentication, but I'm not sure how to handle this, as I read REST is supposed to be stateless, so how can I validate the user accessing the service from iOS and then use that authentication to validate successive calls to other web methods? Note: I'll be using WCF