安全和验证使用REST的iPhone应用程序的最佳安全框架? [英] Best Security Framework to secure and authenticate an iPhone app which uses REST?
问题描述
我构建了一个iPhone应用程序,它通过REST Web服务(Jersey)通过JSON对象将数据传输到Java中间层后端......
I built an iPhone app which transfers data via a REST web service (Jersey) via JSON objects to a Java middle tier back end...
问题(s ):
(1)确保此iPhone应用程序登录/验证的最佳方法是什么?
(1) What is the best way to secure the login / authentication of this iPhone App?
(2)是否有用于获取此类功能的开源或商业框架?
(2) Is there an open source or commercial framework used to acquire this type of functionality?
到目前为止,我遇到了OAuth,SAML和REST身份服务
So far I have come across OAuth, SAML and REST Identity Services
(3)这个框架是否需要SSL?
(3) Will this framework require SSL?
(4)它是否验证客户端(不仅仅是用户) )?
(4) Does it validate the client (not just the user)?
(5)我是否采取了错误的方式?我应该只使用每个REST调用所需的加密令牌并安装SSL吗?
(5) Am I going about this the wrong way? Meaning should I just use an encrypted token which is required for every single REST call and install SSL?
如果有人了解我的困境并且可以提供帮助,我会非常感激...我知道这可以在iPhone应用程序上以某种方式完成,因为美国银行和亚马逊拥有相同类型的登录功能和安全性。
Would really appreciate this if someone understands my plight and can help... I know that this can be done somehow on an iPhone app because Bank of America and Amazon have this same type of login feature and security.
快乐编码,
Mike
推荐答案
我在6月初在JavaOne上做了一个演示服务器上的Jersey,OAuth(通过 OpenSSO )和JavaFX客户端。该代码有点实验性,但它可能对您有用 - 请参阅此博客条目 - 尤其是评论#2。 还有一个视频可以高级解释。我使用XML,但是,由于OAuth在HTTP级别工作,它对JSON同样有效。
I did a demo at JavaOne at the beginning of June that used Jersey on the server, OAuth (via OpenSSO) and a JavaFX client. The code is somewhat experimental, but it might be useful to you - see this blog entry - especially comment #2. There's also a video that explains it at a high level. I used XML, but, since OAuth works at the HTTP level, it works equally well for JSON.
BTW - 有一个Objective C OAuth Consumer实现 - 我没有使用它,但 Pownce确实。
BTW - there's an Objective C OAuth Consumer implementation - I haven't used it, but Pownce did.
这篇关于安全和验证使用REST的iPhone应用程序的最佳安全框架?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
