Securing REST APIs in Grails and Spring Security

I split my Grails application into two applications - a client web application and a separate application that hosts the REST API. I am doing this because I am creating an iOS app to work with my web app. My application is using Spring Security and I want to secure the REST API. I suddenly found very little information on the correct way to do this. Should I implement OAuth with Spring Security, which makes my API application an OAuth provider?

Any suggestions would be great.

+3



2 answers


Yes, I just did it for another application. You have to tell Spring Security to behave differently when REST URLs are accessed.

Add this to your Config.groovy:

import grails.plugins.springsecurity.SecurityConfigType

// Make the application more secure by intercepting all URLs
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = " REST API realm"
grails.plugins.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap

// Exclude normal controllers from the basic auth filter. Only the JSON API is included.
grails.plugins.springsecurity.filterChain.chainMap = [
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
    '/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
]

You will now have two parts of your application that are authenticated as follows.

a) Anything with /api in the URL (assuming you have a REST setup) gets basic authentication

b) Everything else goes through the login page.

+3
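A companion to the configuration in the answer above, as an added example that is not part of the original answer: it supplies the access rules that the InterceptUrlMap setting reads and forces HTTPS where credentials travel. The URL patterns and the ROLE_API_USER role name are assumptions; the key names are those of the 1.x spring-security-core plugin used in the answer.

```groovy
// Added example for Config.groovy. Patterns and role names are assumptions.

// With securityConfigType = InterceptUrlMap, access rules come from this map.
// The most specific patterns are listed first.
grails.plugins.springsecurity.interceptUrlMap = [
    '/api/**':    ['ROLE_API_USER'],                  // hypothetical role for REST clients
    '/login/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],  // login page must stay reachable
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],  // static assets used by the login page
    '/js/**':     ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/**':        ['IS_AUTHENTICATED_REMEMBERED']    // web UI: form login or remember-me
]

// Basic auth sends the username and password with every request, base64-encoded
// but not encrypted, so require HTTPS on the API and on the login form.
grails.plugins.springsecurity.secureChannel.definition = [
    '/api/**':   'REQUIRES_SECURE_CHANNEL',
    '/login/**': 'REQUIRES_SECURE_CHANNEL'
]
```

Once deployed, an unauthenticated request to a URL under /api should return 401 with a WWW-Authenticate: Basic header, and any other protected URL should redirect to the login page.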



I've been working for the past weeks on a plugin that covers exactly what you want to do:

http://grails.org/plugin/spring-security-rest



Take a look at this and let me know if you have any problems.

+3

