SlideShare une entreprise Scribd logo

Rest security with oauth 2.0

Télécharger en tant que PPTX, PDF
Anirban Sen Chowdhary
Anirban Sen Chowdhary

The document discusses how to secure a RESTful web service using OAuth 2.0 authentication in three steps: 1) Obtain a secret code by authorizing with a client ID and credentials, 2) Use the secret code to obtain an access token, and 3) Include the access token in the header when accessing the secured web service. An example Mule flow is provided to demonstrate implementing OAuth 2.0 security for a REST API using the authorization code grant type.

Technologie
1  sur  20
By Anirban Sen Chowdhary
We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
Yes .. We can .. I will show you this trick .. How ??
We can easily secure our REST service using OAUTH 2.0
For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
Authorization to obtain a secret code
Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
Use that secret code to obtain an access_token
Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX8 5YOxNlLFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
Use the access_token to validate and access the web service
Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow 
Rest security with oauth 2.0

Recommandé

Rest security in mule
Rest security in muleRest security in mule
Rest security in mule
Son Nguyen
 
Demo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorDemo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook Connector
Rupesh Sinha
 
Https service mule
Https service muleHttps service mule
Https service mule
Karnam Karthik
 
Mule ESB integration with Stripe
Mule ESB integration with StripeMule ESB integration with Stripe
Mule ESB integration with Stripe
Ramakrishna Narkedamilli
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESB
Sreekanth Kondapalli
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esb
Sanjeet Pandey
 
Mule with facebook
Mule with facebookMule with facebook
Mule with facebook
D.Rajesh Kumar
 
Mule esb - How to connect to a MySql Database in 5 minutes
Mule esb - How to connect to a MySql Database in 5 minutesMule esb - How to connect to a MySql Database in 5 minutes
Mule esb - How to connect to a MySql Database in 5 minutes
Gennaro Spagnoli
 

Recommandé

Rest security in mule
Rest security in muleRest security in mule
Rest security in mule
Son Nguyen
 
Demo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook ConnectorDemo on Mule ESB Facebook Connector
Demo on Mule ESB Facebook Connector
Rupesh Sinha
 
Https service mule
Https service muleHttps service mule
Https service mule
Karnam Karthik
 
Mule ESB integration with Stripe
Mule ESB integration with StripeMule ESB integration with Stripe
Mule ESB integration with Stripe
Ramakrishna Narkedamilli
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESB
Sreekanth Kondapalli
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esb
Sanjeet Pandey
 
Mule with facebook
Mule with facebookMule with facebook
Mule with facebook
D.Rajesh Kumar
 
Mule esb - How to connect to a MySql Database in 5 minutes
Mule esb - How to connect to a MySql Database in 5 minutesMule esb - How to connect to a MySql Database in 5 minutes
Mule esb - How to connect to a MySql Database in 5 minutes
Gennaro Spagnoli
 
Deploy with maven
Deploy with mavenDeploy with maven
Deploy with maven
Son Nguyen
 
Mule velocity
Mule velocityMule velocity
Mule velocity
Praneethchampion
 
Integrate with facebook connector
Integrate with facebook connectorIntegrate with facebook connector
Integrate with facebook connector
Son Nguyen
 
Integration with dropbox
Integration with dropboxIntegration with dropbox
Integration with dropbox
Son Nguyen
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azure
Son Nguyen
 
Deploying and Running in Mule
Deploying and Running in MuleDeploying and Running in Mule
Deploying and Running in Mule
Khasim Saheb
 
Expose web service
Expose web serviceExpose web service
Expose web service
Son Nguyen
 
Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the api
Achyuta Lakshmi Puvvala
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce Connector
Ankush Sharma
 
Mule organization
Mule organizationMule organization
Mule organization
Son Nguyen
 
Mule management console installation
Mule management console installation Mule management console installation
Mule management console installation
javeed_mhd
 
Mule esb stripe
Mule esb stripeMule esb stripe
Mule esb stripe
D.Rajesh Kumar
 
Installing mule
Installing muleInstalling mule
Installing mule
JavierMarRas
 
Mule Integration with Dropbox
Mule Integration with DropboxMule Integration with Dropbox
Mule Integration with Dropbox
Ramakrishna Narkedamilli
 
Integration with CMIS using Mule ESB
Integration with CMIS using Mule ESBIntegration with CMIS using Mule ESB
Integration with CMIS using Mule ESB
Sanjeet Pandey
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales force
Son Nguyen
 
Popular Wordpress Plug-ins of May 2013
Popular Wordpress Plug-ins of May 2013Popular Wordpress Plug-ins of May 2013
Popular Wordpress Plug-ins of May 2013
magentodeveloperindia
 
Integration with Microsoft SharePoint using Mule ESB
Integration with Microsoft SharePoint using Mule ESBIntegration with Microsoft SharePoint using Mule ESB
Integration with Microsoft SharePoint using Mule ESB
Sanjeet Pandey
 
Deploy apps in standalone with maven
Deploy apps in standalone with mavenDeploy apps in standalone with maven
Deploy apps in standalone with maven
Anirban Sen Chowdhary
 
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Francis Palma
 
Stateful Web Services - Short Report
Stateful Web Services - Short ReportStateful Web Services - Short Report
Stateful Web Services - Short Report
Muhammad Jawaid Shamshad
 
Stateful Web Services - Presentation
Stateful Web Services - PresentationStateful Web Services - Presentation
Stateful Web Services - Presentation
Muhammad Jawaid Shamshad
 

Contenu connexe

Tendances

Tendances (18)

Deploy with maven
Deploy with mavenDeploy with maven
Deploy with maven
 
Mule velocity
Mule velocityMule velocity
Mule velocity
 
Integrate with facebook connector
Integrate with facebook connectorIntegrate with facebook connector
Integrate with facebook connector
 
Integration with dropbox
Integration with dropboxIntegration with dropbox
Integration with dropbox
 
Integrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azureIntegrate to retrieve data microsoft azure
Integrate to retrieve data microsoft azure
 
Deploying and Running in Mule
Deploying and Running in MuleDeploying and Running in Mule
Deploying and Running in Mule
 
Expose web service
Expose web serviceExpose web service
Expose web service
 
Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the api
 
Mule Salesforce Connector
Mule Salesforce ConnectorMule Salesforce Connector
Mule Salesforce Connector
 
Mule organization
Mule organizationMule organization
Mule organization
 
Mule management console installation
Mule management console installation Mule management console installation
Mule management console installation
 
Mule esb stripe
Mule esb stripeMule esb stripe
Mule esb stripe
 
Installing mule
Installing muleInstalling mule
Installing mule
 
Mule Integration with Dropbox
Mule Integration with DropboxMule Integration with Dropbox
Mule Integration with Dropbox
 
Integration with CMIS using Mule ESB
Integration with CMIS using Mule ESBIntegration with CMIS using Mule ESB
Integration with CMIS using Mule ESB
 
Integration with sales force
Integration with sales forceIntegration with sales force
Integration with sales force
 
Popular Wordpress Plug-ins of May 2013
Popular Wordpress Plug-ins of May 2013Popular Wordpress Plug-ins of May 2013
Popular Wordpress Plug-ins of May 2013
 
Integration with Microsoft SharePoint using Mule ESB
Integration with Microsoft SharePoint using Mule ESBIntegration with Microsoft SharePoint using Mule ESB
Integration with Microsoft SharePoint using Mule ESB
 

En vedette

Spring camp 발표자료
Spring camp 발표자료Spring camp 발표자료
Spring camp 발표자료
수홍 이
 
Declarative authorization in REST services in SharePoint with F# and ServiceS...
Declarative authorization in REST services in SharePoint with F# and ServiceS...Declarative authorization in REST services in SharePoint with F# and ServiceS...
Declarative authorization in REST services in SharePoint with F# and ServiceS...
Sergey Tihon
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Cesare Pautasso
 

En vedette (20)

Deploy apps in standalone with maven
Deploy apps in standalone with mavenDeploy apps in standalone with maven
Deploy apps in standalone with maven
 
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based ApproachDetection of REST Patterns and Antipatterns: A Heuristics-based Approach
Detection of REST Patterns and Antipatterns: A Heuristics-based Approach
 
Stateful Web Services - Short Report
Stateful Web Services - Short ReportStateful Web Services - Short Report
Stateful Web Services - Short Report
 
Stateful Web Services - Presentation
Stateful Web Services - PresentationStateful Web Services - Presentation
Stateful Web Services - Presentation
 
REST API Doc Best Practices
REST API Doc Best PracticesREST API Doc Best Practices
REST API Doc Best Practices
 
Web Services Security - Presentation
Web Services Security - PresentationWeb Services Security - Presentation
Web Services Security - Presentation
 
WS-Trust
WS-TrustWS-Trust
WS-Trust
 
Spring camp 발표자료
Spring camp 발표자료Spring camp 발표자료
Spring camp 발표자료
 
Declarative authorization in REST services in SharePoint with F# and ServiceS...
Declarative authorization in REST services in SharePoint with F# and ServiceS...Declarative authorization in REST services in SharePoint with F# and ServiceS...
Declarative authorization in REST services in SharePoint with F# and ServiceS...
 
REST API Best (Recommended) Practices
REST API Best (Recommended) PracticesREST API Best (Recommended) Practices
REST API Best (Recommended) Practices
 
A microservice architecture based on golang
A microservice architecture based on golangA microservice architecture based on golang
A microservice architecture based on golang
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Microservices in Golang
Microservices in GolangMicroservices in Golang
Microservices in Golang
 
Best Practices for API Security
Best Practices for API SecurityBest Practices for API Security
Best Practices for API Security
 
Microservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring CloudMicroservice With Spring Boot and Spring Cloud
Microservice With Spring Boot and Spring Cloud
 
REST API Security: OAuth 2.0, JWTs, and More!
REST API Security: OAuth 2.0, JWTs, and More!REST API Security: OAuth 2.0, JWTs, and More!
REST API Security: OAuth 2.0, JWTs, and More!
 

Similaire à Rest security with oauth 2.0

Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
Alvaro Sanchez-Mariscal
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 

Similaire à Rest security with oauth 2.0 (20)

LinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To HeroLinkedIn OAuth: Zero To Hero
LinkedIn OAuth: Zero To Hero
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)
 
Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015Stateless authentication for microservices - GR8Conf 2015
Stateless authentication for microservices - GR8Conf 2015
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
 
Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015Stateless authentication for microservices - Greach 2015
Stateless authentication for microservices - Greach 2015
 
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT BearerMulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
Mulesoft Salesforce Connector - OAuth 2.0 JWT Bearer
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
Introduction to OAuth
Introduction to OAuthIntroduction to OAuth
Introduction to OAuth
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
 
RESTful Day 5
RESTful Day 5RESTful Day 5
RESTful Day 5
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 
Devteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedDevteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystified
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
Microservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity ServerMicroservice Protection With WSO2 Identity Server
Microservice Protection With WSO2 Identity Server
 
Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 

Plus de Anirban Sen Chowdhary

Plus de Anirban Sen Chowdhary (20)

Change the game with Game changer
Change the game with Game changerChange the game with Game changer
Change the game with Game changer
 
Ring central desktop app overview
Ring central desktop app overviewRing central desktop app overview
Ring central desktop app overview
 
Overview in ringcentral digital line
Overview in ringcentral digital lineOverview in ringcentral digital line
Overview in ringcentral digital line
 
Some basics with ring central
Some basics with ring centralSome basics with ring central
Some basics with ring central
 
Ring central and python
Ring central and pythonRing central and python
Ring central and python
 
RingCentral application development overview
RingCentral application development overviewRingCentral application development overview
RingCentral application development overview
 
Cloze connect ringcentral
Cloze connect ringcentralCloze connect ringcentral
Cloze connect ringcentral
 
Overview on ring central errors part 4
Overview on ring central errors part 4Overview on ring central errors part 4
Overview on ring central errors part 4
 
Setting up your ring central sandbox in steps
Setting up your ring central sandbox in stepsSetting up your ring central sandbox in steps
Setting up your ring central sandbox in steps
 
Overview on ring central errors: part 2
Overview on ring central errors: part 2Overview on ring central errors: part 2
Overview on ring central errors: part 2
 
Overview on ring central errors
Overview on ring central errorsOverview on ring central errors
Overview on ring central errors
 
Call recording overview ring central
Call recording overview ring centralCall recording overview ring central
Call recording overview ring central
 
Ring central engaging with amazon alexa
Ring central engaging with amazon alexaRing central engaging with amazon alexa
Ring central engaging with amazon alexa
 
How ring central sdk changing the game
How ring central sdk changing the gameHow ring central sdk changing the game
How ring central sdk changing the game
 
When ring central connect salesforce
When ring central connect salesforceWhen ring central connect salesforce
When ring central connect salesforce
 
Mule 4 connecting ring central
Mule 4 connecting ring centralMule 4 connecting ring central
Mule 4 connecting ring central
 
Ring central sdk
Ring central sdkRing central sdk
Ring central sdk
 
Ring central with okta
Ring central with oktaRing central with okta
Ring central with okta
 
Ring central connecting salesforce overview
Ring central connecting salesforce overviewRing central connecting salesforce overview
Ring central connecting salesforce overview
 
Ring central call logs overview (part 2)
Ring central call logs overview (part 2)Ring central call logs overview (part 2)
Ring central call logs overview (part 2)
 

Dernier

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Dernier (20)

JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 

Rest security with oauth 2.0

  • 1. By Anirban Sen Chowdhary
  • 2. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
  • 3.
  • 4. Yes .. We can .. I will show you this trick .. How ??
  • 5. We can easily secure our REST service using OAUTH 2.0
  • 6. For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
  • 7. Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
  • 8. The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
  • 9. Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
  • 10. Authorization to obtain a secret code
  • 11. Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
  • 12. We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
  • 13. We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
  • 14. Use that secret code to obtain an access_token
  • 15. Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX8 5YOxNlLFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
  • 16. Use the access_token to validate and access the web service
  • 17. Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
  • 18. Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
  • 19. In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow 