Authentication for a REST API which is shared by multiple webapps

Question

I have 3 wars: a.war, b.war and restful.war; they are in the same Tomcat.

restful.war is a Spring Boot, Spring MVC project; it provides RESTful calls for a.war and b.war.

a.war and b.war are independent webapps; they each have their own login system, and their users are stored in different database tables, e.g. the users of a.war are stored in tableA and the users of b.war are stored in tableB.

For a.war and b.war, there are two places that call restful.war:

  1. Calling restful.war from Java code in a.war and b.war via org.apache.http.impl.client.DefaultHttpClient.execute()
  2. Calling restful.war from an HTML/JSP page of a.war or b.war via ajax

What I want is: only users who are logged in to a.war or b.war can call restful.war. How can I do that?

Answer 1

Score: 1

Implement basic authentication in the 'restful' application and call its endpoint from 'a' and 'b' with the proper "Authorization" header. This will solve the problem: if 'restful' gets a call from 'a' or 'b' it will respond, or else it will throw a 403 Forbidden error.
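
The answer's approach for the server-side call path (option 1 in the question), as an added example that is not part of the original answer: each calling app gets its own Basic credential, and restful.war checks the "Authorization" header before serving a request. The class name, the caller ids app-a and app-b, and the secrets are constructed for illustration; because Basic credentials are only Base64-encoded, the calls are assumed to use HTTPS or stay on the local Tomcat.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class ServiceBasicAuth {
    // Constructed sample credentials, one per calling app; load real ones from configuration.
    static final Map<String, String> CALLERS = Map.of(
            "app-a", "sample-secret-a",
            "app-b", "sample-secret-b");

    /** Caller side (a.war / b.war): value for the "Authorization" request header. */
    static String buildHeader(String id, String secret) {
        byte[] raw = (id + ":" + secret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Service side (restful.war): returns the caller id, or null if the request must be rejected. */
    static String authenticate(String header) {
        // Scheme name is case-insensitive; a null or short header is rejected here.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()),
                    StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        int colon = decoded.indexOf(':'); // split on the first ':'; the secret may contain more
        if (colon < 1) return null;       // missing separator or empty caller id
        String id = decoded.substring(0, colon);
        String expected = CALLERS.get(id);
        if (expected == null) return null; // unknown caller
        byte[] given = decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so response timing does not reveal how much of the secret matched.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), given) ? id : null;
    }

    public static void main(String[] args) {
        System.out.println(authenticate(buildHeader("app-a", "sample-secret-a"))); // known caller
        System.out.println(authenticate(buildHeader("app-b", "wrong")));           // bad secret
        System.out.println(authenticate(buildHeader("app-c", "sample-secret-a"))); // unknown caller
        System.out.println(authenticate("Basic !!not-base64!!"));                  // malformed header
        System.out.println(authenticate(null));                                    // header absent
    }
}
```

This check identifies the calling application, not the end user who logged in to it. A credential embedded in a JSP or JavaScript page for the ajax path would be readable by any visitor to that page, so it fits the server-side callers only.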

huangapple
  • This article was posted on March 15, 2020, 15:52:41
  • When reposting, please keep the link to this article: https://go.coder-hub.com/60690771.html