I am writing a REST service on JAX-RS (to be exact, RESTeasy from JBoss). I should say up front that I am not very good at security issues and I don't know much about the web either, so that is the problem. And frankly, I do not know what to look for.

There are a lot of questions, and I will be very grateful if you share your knowledge in this regard, or tell me where to look for such information and what terminology to use. Also, I would be very happy if someone advised security articles / books on the web.

How can I implement client authorization in the service and further check for access to closed parts of the service?

That is, suppose I have implemented a simple POST request over HTTPS in which the user's login and password are transmitted. If the data is correct, how do I then verify that the client has access and tell it apart from other clients? Is it possible to include the login and password in every request? What authentication methods are used for REST services?

And how do I preserve the "beauty" of the code: how do I separate the security logic from the business logic?

  • habrahabr.ru/post/245415: Basic Authentication, Digest authentication, Token Authentication, Digital Signature (public / private key pair), Certificate Authentication, OAuth2 authorization - look for these in the context of RESTeasy instead of Spring. - DimXenon

1 answer

Thanks to DimXenon, I found this good answer to my question on the English-language Stack Overflow. Everything is simple and clear, with a convenient separation of security logic from business logic. If someone translates it and presents it as an answer to the original question, that would be great.
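For the question's two points (checking a token on each request, and keeping security code out of the business logic), and the separation the answer above praises, here is an added example of the usual JAX-RS 2.x pattern: a name-binding annotation plus a ContainerRequestFilter. It is not code from the question, the linked answer or RESTeasy itself; the Secured annotation, TokenAuthFilter, AccountResource and the in-memory token map are assumed names with constructed sample data.

```java
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.Map;
import javax.annotation.Priority;
import javax.ws.rs.*;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
// Marker: only resources carrying @Secured are routed through the filter.
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@interface Secured {}

// Runs before any @Secured method; rejects requests without a valid bearer token.
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
class TokenAuthFilter implements ContainerRequestFilter {
    // Hypothetical token store with constructed sample data. A real service
    // would issue the token after the HTTPS login POST and store it with an expiry.
    private static final Map<String, String> TOKENS = Map.of("constructed-token-1234", "alice");

    @Override
    public void filter(ContainerRequestContext ctx) throws IOException {
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        String user = null;
        if (header != null && header.startsWith("Bearer ")) {
            user = TOKENS.get(header.substring("Bearer ".length()).trim());
        }
        if (user == null) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"api\"").build());
            return;
        }
        ctx.setProperty("user", user); // resources read the identity, never the raw token
    }
}

// Business logic only: no header parsing or credential checks here.
@Path("/account")
class AccountResource {
    @GET @Secured
    public String balance(@Context ContainerRequestContext ctx) {
        return "balance for " + ctx.getProperty("user");
    }
}
```

The filter applies only to methods or classes annotated with @Secured, so the login endpoint that issues tokens stays unannotated; RESTeasy picks up the @Provider class through its usual scanning or explicit registration.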