
Securing mobile REST API with Spring Security enough?

 
John Boby
Greenhorn
Posts: 8
I'm planning to make a little mobile app that will rely on a Java (Spring/Spring MVC) REST API. The API will have paths that look like this, for example:

/rest/account POST (will create a new account (an account is composed of a username+pass+email))

/rest/photo/like, for example, that modifies behaviour and adds things to the DB...

I'm also planning to use Spring Security to handle the authentication/authorisation. So the mobile app, before making any authorised call (for example to /rest/photo/like), will have to log in (so basically to /security_check?j_username=username&password

And from now on every request will have to include the JSESSIONID in the cookie.

My question is, is this secure enough? Do I have to use OAuth2? Or is it overkill?

Bonus question: As you don't need to be authenticated to make the /rest/account call to create an account, what is the best way to prevent a user from creating 1000000 accounts? Apache/IP filter? Or should I handle this in some interceptor in Spring MVC?
 