Token based authentication – users will provide its credentials and get unique and time limited access token. I would like to manage token creation, checking validity, expiration in my own implementation. Actually, use Filter for token Auth – best way in this case Eventually, you can create CRUD via Spring Data for managing Token’s properties … Read more
you have to disable csrf Protection because it is enabled by default in spring security: here you can see code that allow cors origin. import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity http) throws Exception{ http.cors().and().csrf().disable(); } @Bean CorsConfigurationSource … Read more
In my experience, GET /users/{id} GET /users/email/{email} is the most common approach. I would also expect the methods to return a 404 Not Found if a user doesn’t exist with the provided id or email. I wouldn’t be surprised to see GET /users/id/{id}, either (though in my opinion, it is redundant). Comments on the other … Read more
First I’d like to emphasize the difference between authentication and authorization: A user authenticates to your web site by supplying some credential such as a username+password. OpenID allows this to be displaced by having the user authenticate to another service, which then asserts the user’s identity to your web site on the user’s behalf. Your … Read more
As HTTP requests in a stateless system should be independent, the results of one request should not be dependent on a previous request. Consider what should happen if two users did a DELETE on the same resource simultaneously. It makes sense for the second request to get a 404. The same should be true if … Read more
REST is almost always going to be faster. The main advantage of SOAP is that it provides a mechanism for services to describe themselves to clients, and to advertise their existence. REST is much more lightweight and can be implemented using almost any tool, leading to lower bandwidth and shorter learning curve. However, the clients … Read more
What are the best practices and considerations of choosing between 1 and 2 above? Usually the content body is used for the data that is to be uploaded/downloaded to/from the server and the query parameters are used to specify the exact data requested. For example when you upload a file you specify the name, mime … Read more
Representational state transfer (REST) is a style of software architecture. As described in a dissertation by Roy Fielding, REST is an “architectural style” that basically exploits the existing technology and protocols of the Web. RESTful is typically used to refer to web services implementing such an architecture.
You should use hyphens in a crawlable web application URL. Why? Because the hyphen separates words (so that a search engine can index the individual words), and a hyphen is not a word character. Underscore is a word character, meaning it should be considered part of a word. Double-click this in Chrome: camelCase Double-click this … Read more
If you plan to use newer versions of resteasy that implement JAX-RS 2.0, the following dependencies should solve your problem: <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>resteasy-jaxrs</artifactId> <version>3.0.5.Final</version> </dependency> <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>jaxrs-api</artifactId> <version>3.0.5.Final</version> </dependency> <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>resteasy-jaxb-provider</artifactId> <version>3.0.5.Final</version> </dependency> <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>resteasy-jackson2-provider</artifactId> <version>3.0.5.Final</version> </dependency>