up vote 0 down vote favorite
share [g+] share [fb]

I am creating one simple conference application (Java based) and using RESTFull Web Service to expose functionality.

I want to implement some authorization. Work Flow should be like:

1) Application received a xml request which is having username / password.

2) In response, Application should give some key ( for the authorization of the further request )

3)Now for every incoming request for this user, this key should be available in the xml request so that application can authorized the user.

Please suggest how should i implement this and what is the best approach.

I was searching for some Authorization framework and come across with OAuth. Please suggest.

Thanks in Advance...Looking for your feedback

link|improve this question
67% accept rate
Kindly improve your accept rate to get better and more options as answer. – manurajhada 15 hours ago
feedback

2 Answers

up vote 1 down vote accepted

  1. Application Key.. Every time app server will send the assigned key to the webservice in the xml that will be checked on webservice filter level from database mapped with the app server.. i.e. each app server will have separate pre assigned key to communicate with the web service.

  2. If you want this key at user level then when app will send user login request to services will generate a dynamic encoded key using username+password+currentTimeStamp and save it in db for current session if credentials are correct (successful login), this key will be returned in login request's response to user. And same key will be passed in every client request for the current session, as the session will get expired (after the default logout time or manual logout occurred) key will be deactivated in DB. The process will execute for each user and their each login session.

link|improve this answer
Thanks for the input.I was too thinking regarding the approach 2 but someone told me to explore OAuth as well.....Do you have any idea of OAuth.Does OAuth implementation required / beneficial here in any way.I have goggled about OAuth but couldn't come to the conclusion about the OAuth. – VJS 15 hours ago
feedback
up vote 1 down vote

There is a good tutorial from Oracle how to make secure using REST and oAuth.Please find the link Securing REST Web Services With OAuth

Hope this will help you.

link|improve this answer
feedback

Your Answer

 
or
required, but never shown
discard

Not the answer you're looking for? Browse other questions tagged or ask your own question.