I have a REST API, MyRestApi.war, which is a Spring Boot and Spring MVC project.

There is another web project, A.war, which is a normal Spring project. Its front-end (such as JavaScript) and back-end (such as Java code) need to call MyRestApi. Users need to log in to A.war to use it.

I don't need to do permission control for MyRestApi; only users logged in to A.war can access MyRestApi via the front-end and back-end of A.war.

There are some solutions, e.g. API key, JWT, OAuth.

I want to try these three approaches, then pick one.

But when I search for something like API key authentication, they all use Spring Security to do that.

So how can I secure MyRestApi with an API key without Spring Security?

1 Answer

You can write your own filter if you don't want to use Spring Security. This filter will intercept all the URLs. In this filter you can check for the API key in the headers and validate it. If it's valid, let the chain continue; otherwise throw some meaningful error to the user/application.

3 Comments

The API key is set in a request header, e.g. the header name is API-Key and the header value is 123, then the filter gets this header value via this header name and checks it, right? If that is right, what is the difference between the API key and HTTP basic auth? Because HTTP basic auth also sets something in a header, it just sets a username and password.
The above solution was to secure APIs without Spring Security. Are both your applications deployed on the same machine? If yes, then you can configure your front-facing web app to listen on 433/80 port, and the backend app on a different port. Moreover, you can configure the HTTP connector for that backend app to listen on a specific address only, like "localhost". Check this link - serverfault.com/questions/218666/…
Yes, they are deployed on the same machine, but sorry, I don't understand what you said. My question is: what is the difference between an API key and HTTP basic auth when these two approaches are used to secure a RESTful API? Because both the API key and HTTP basic auth set a value in an HTTP header? Is an API key more secure than HTTP basic auth?
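
The filter described in the answer, sketched as an added example (not code from the answer or the comments). It assumes the `javax.servlet` API (use `jakarta.servlet` on Spring Boot 3), the `API-Key` header name from the first comment, and a hypothetical `MYRESTAPI_KEY` environment variable that holds the key.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Component;

// Spring Boot registers a Filter bean for every URL ("/*"); no Spring Security needed.
@Component
public class ApiKeyFilter implements Filter {

    private static final String HEADER = "API-Key"; // header name from the comment thread
    private byte[] expectedKey;

    @Override
    public void init(FilterConfig config) throws ServletException {
        // Assumption: the key comes from a hypothetical environment variable, not source code.
        String key = System.getenv("MYRESTAPI_KEY");
        if (key == null || key.isEmpty()) {
            // Fail closed: refuse to start rather than run with no key configured.
            throw new ServletException("MYRESTAPI_KEY is not set");
        }
        expectedKey = key.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String presented = ((HttpServletRequest) req).getHeader(HEADER);
        // MessageDigest.isEqual compares in constant time, so response timing
        // does not reveal how many leading bytes of a guessed key were correct.
        boolean valid = presented != null
                && MessageDigest.isEqual(expectedKey, presented.getBytes(StandardCharsets.UTF_8));
        if (!valid) {
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_UNAUTHORIZED, "Missing or invalid API key");
            return; // stop here: the request never reaches a controller
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The header value travels in clear text unless the connection uses TLS, and a key placed in A.war's JavaScript is readable by anyone who can load that page, so this check fits the calls made from A.war's Java back-end.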
