保护Java Rest服务:JSON WebToken(JWT)还是oAuth 1.0? [英] Securing Java Rest Service : JSON WebToken (JWT ) or oAuth 1.0?
问题描述
我想知道,JWT或oAuth 1.0是保护Rest服务的最佳方法。我们计划开发基于Dojo的Web应用程序和基于JAX-RS休息的Web服务。有人可以帮我解决这个问题吗? / p>
如果您可以建议一些示例代码在Java中实现相同的代码,那将是非常好的。
谢谢提前。
这些都是无法比拟的事情。 OAuth是关于3d party服务的SSO(单点登录)方案,而JWT仅涉及身份验证令牌格式。至少OAuth是一个高于标准的水平。
OAuth 1.0需要客户端加密,而2.0版本则不需要。
JWT允许在一个安全领域中结合无状态REST服务,如果将REST API拆分为多个微服务,这是一个巨大的优势。
I would like to know, JWT or oAuth 1.0 is best approach for securing Rest services.We are planning to develop a Dojo based web application and JAX-RS rest based web-service.Could someone help me on this ?.
It will be really good if you can suggest some sample code for implementing the same in Java.
Thanks in Advance.
These are uncomparable things. OAuth is about SSO (single sign on) scenario for 3d party services, while JWT is only about authentication token format. At least OAuth is an above level standard. OAuth 1.0 requires a client side encryption which is not needed in its 2.0 version. JWT allows combining stateless REST services in one security realm which is a huge advantage if you REST API is split into several microservices.
这篇关于保护Java Rest服务:JSON WebToken(JWT)还是oAuth 1.0?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!