How to restrict access to the Java API using Spring Security?

Asked

Viewed 68 times

0

Hello.

I have an API in my back-end that provides the data for my web application (web ad query application).

The application has no login and password, so few registered users. It is an application where users only make queries.

But I wanted to restrict access directly to the API, where only my application would have this access, that is to restrict access to the API by third parties who might want to use my API for some reason..

What would be the best solution? The API is developed in Java Scpring Security.

java api spring back-end

  • Search for authentication via oAuth. It involves using a token in the request to your api. Spring security is fully compatible with this solution.

  • I understand that Uth limits the request with token usage, but if I store this token in my Javascript in the client, anyone will see the token in that client and can use it in another application if they so wish.

  • You have control over the lifetime of the token. Even if someone had access to it, possibly it would already be invalid when it was used.

1 answer

0

You can do this in several ways, I’ll give you some examples.

  1. Restrict by IP, only the Ips you set will be able to access the API, whichever is different, you reject.
  2. You can use Oauth2 as well, as well as Statelessdev in the comment above.

Browser other questions tagged java api spring back-end

You are not signed in. Login or sign up in order to post.