Chapter 12. Security
Security is a term used to describe different things at different layers and parts of a system. For instance, take a web-based application that involves users accessing resources. Securing such a system may require the following:
Ensure that only authenticated users access resources.
Ensure the confidentiality and integrity of information right from the moment it is collected until the time it is stored and later presented to authorized entities or users.
Prevent unauthorized or malicious clients from abusing resources and data.
Maintain privacy, and follow the laws of the land that govern various security aspects.
There is no one-size-fits-all solution to address all these needs. Each application requires a careful analysis as part of the architecture and design exercise to cover all these aspects of security.
This chapter covers a subset of security-related topics for RESTful web services. It maps common problems such as authentication, authorization, confidentiality, and integrity to established HTTP-based standards and practices.
- Recipe 12.1
Use this recipe to learn how to use HTTP basic authentication.
- Recipe 12.2
Use this recipe to learn how to use HTTP digest authentication.
- Recipe 12.3
Use this recipe to learn how to use the three-legged OAuth protocol to let users authorize clients to access their resources.
- Recipe 12.4
Use this recipe to learn how to use the two-legged OAuth protocol to authenticate clients.
- Recipe 12.5
Use this recipe to learn how to prevent the ...
Get RESTful Web Services Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.