Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security with REST

 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Security of remote calls is always an issue at architecture review boards. What are currently the best ways to secure remote communications with REST?
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as security goes, securing a RESTful web application isn't that different from securing a non-RESTful web application. For example, the transport layer is the same so you can use SSL. In Rails, you can use filters around controllers to enforce authentication/authorization regardless of whether or not the controller is RESTful.

Having said that, I don't have much experience with Rails and I'd be curious to hear from Ben how he sees this.
 
Ben Scofield
author
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lasse, your answer is exactly correct. You can protect RESTful services just as you protect your standard applications.

The only thing I'd add is that you can also use HTTP Basic authentication if you like - it's built into Rails as of version 2.0, and works very nicely for some scenarios.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic