How to migrate to secure REST API security with an API key using Spring Boot?

Question

How to migrate to secure REST API security with an API key using Spring Boot?

Spring Security is a very flexible structure, and it is certainly possible to create an authentication implementation without authentication for each request to protect the REST Business-2-Business API.

However, what is the best way to go?

OAuth and OAuth2 are not included in this question.

Of particular interest are solutions based on the API-Key and API-Secret pairs, where:

It is assumed that the API secret was exchanged in advance and not sent in requests.
API key and API Secret are used to sign each request
A pair of API Key and API Secret is associated with a business network that wants to use the API

How can I achieve authentication on demand and enable subsequent access control based on GrantedAuthorities regarding implementation and configuration information?

Here is a blog post with a notable suggestion, which, however, seems rather specific and rather complex.

http://www.future-processing.pl/blog/exploring-spring-boot-and-spring-security-custom-token-based-authentication-of-rest-services-with-spring-security-and-pinch- of-spring-java-configuration-and-spring-integration-testing /

+4

spring-boot spring-security stateless api-key

sourcekick Feb 24 '15 at 18:19

source share

No one has answered this question yet.

See related questions:

249

RESTful authentication through Spring

46

How to protect the REST API with Spring Boot and Spring Security?