Thursday, November 1, 2012

Securing a RESTful Web Application

Security has always been a concern when building a RESTful application. The following kinds of clients typically access a RESTful application:
  • JavaScript Client
  • Java/X Client
  • Mobile Client
What the client wants is that once it has been authenticated, no further authentication should be required. The client also should not have to send additional information, such as authentication details, with every request.
 
In this blog post we will see how a RESTful application can be secured, and we will create a virtual session on the server side.
  • For the very first request, once authentication succeeds, create a token and send it back to the client.
  • The client passes this token with every subsequent request.
  • On the server side, create a virtual session keyed by the original token obtained after that first authentication.
  • Encrypt the token and update it on every request, so that even if someone steals the token it cannot be reused later.
  • The REST services on the server decrypt the token on each request and recognise the update made on the client's previous request.
  • Maintain a token map that records the last accessed time for each session.
  • On every request made by the same client, update the last accessed time for that decrypted original token.
  • Create a daemon thread that clears every virtual session whose last accessed time is older than a specified interval.
The above ensures that the application is secured and that the REST server supports a virtual session for these clients.
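As an added example (not code from the original post), here is the server side of that scheme in Python: a session store that issues a token after the first authenticated request, rotates it on every call so a captured token cannot be replayed, refreshes the last-accessed time, and reaps idle sessions from a daemon thread. It uses an HMAC-signed, per-request nonce in place of the encrypted token the post describes; the secret, user names and timestamps are constructed for the demonstration.

```python
import hashlib, hmac, secrets, threading, time

class VirtualSessionStore:
    def __init__(self, secret, idle_timeout):
        self._secret = secret                # HMAC key (the test passes a constructed one)
        self._idle = idle_timeout            # seconds a session may sit unused
        self._lock = threading.Lock()
        self._sessions = {}                  # session_id -> {"user", "nonce", "last"}

    def _sign(self, sid, nonce):
        # Token format: session_id.nonce.HMAC-SHA256(secret, "session_id.nonce")
        mac = hmac.new(self._secret, f"{sid}.{nonce}".encode(), hashlib.sha256).hexdigest()
        return f"{sid}.{nonce}.{mac}"

    def login(self, user, now=None):
        # Called once, after the first request has been authenticated: create the session.
        sid, nonce = secrets.token_hex(16), secrets.token_hex(16)
        with self._lock:
            self._sessions[sid] = {"user": user, "nonce": nonce, "last": time.time() if now is None else now}
        return self._sign(sid, nonce)

    def use(self, token, now=None):
        """Return (user, next_token), or None for a forged, replayed or idle token."""
        now = time.time() if now is None else now
        parts = token.split(".")
        if len(parts) != 3 or not hmac.compare_digest(token.encode(), self._sign(*parts[:2]).encode()):
            return None                                  # malformed, or MAC does not verify
        sid, nonce = parts[0], parts[1]
        with self._lock:
            sess = self._sessions.get(sid)
            if sess is None or sess["nonce"] != nonce:   # unknown session, or token already used
                return None
            if now - sess["last"] > self._idle:          # idle too long: discard the session
                del self._sessions[sid]
                return None
            sess["nonce"], sess["last"] = secrets.token_hex(16), now   # rotate + refresh last-accessed
            return sess["user"], self._sign(sid, sess["nonce"])

    def reap(self, now=None):
        now = time.time() if now is None else now
        with self._lock:
            stale = [s for s, v in self._sessions.items() if now - v["last"] > self._idle]
            for s in stale:
                del self._sessions[s]
        return len(stale)

    def start_reaper(self, interval):
        """The post's daemon thread: call reap() every `interval` seconds until the process exits."""
        t = threading.Timer(interval, lambda: (self.reap(), self.start_reaper(interval)))
        t.daemon = True
        t.start()
```

Because each call consumes the current nonce, a client that sends two requests concurrently will have the second one rejected; deployments of this pattern usually serialize requests per session or allow a short grace window for the previous token.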

In the next blog post we will look in more detail at securing REST services.
