android 和 ios 的 Spring Boot Rest 安全 [英] Spring boot rest security with android and ios

问题描述

我正在开发 spring rest webservice，我的客户是 android 和 ios 应用程序.问题是我的应用程序100% 基于 api 甚至管理员也没有网站，一切都是移动的，我一直在努力如何仅使用 apis 进行身份验证和授权.在我的客户是浏览器之前，我做过小型的 spring 项目.但是现在我已经被困了一个星期，我似乎找不到任何关于如何进行身份验证和授权的事情.是我的方法还是它太不寻常了.我将不胜感激任何帮助.谢谢

I am developing spring rest webservice and my clients are android and ios applications. The problem is my application is 100% api based there is no website even for the admin, everything is mobile and I have been struggling how to do authentication and authorization with just apis. I did small spring projects before where my client was the browser. But now I have been stuck for a week and I can't seem to find anything on how to do this authentication and authorization thing. Is it my approach or is it so unusual thing. I would appreciate any help. Thanks

推荐答案

您可以使用 Basic Authentication 或 Digest Authentication

You can use Basic Authentication or Digest Authentication

https://docs.spring.io/spring-security/site/docs/3.0.x/reference/basic.html

但是您应该小心，不要将它用于 HTTP，只能用于 HTTPS，因为基本身份验证以纯文本形式传输密码.

But you should be careful and do not use it with HTTP, only with HTTPS, since basic authentication transmits the password as plain text.

第二种方法是使用 JWT 来保护您的应用程序.这是使用 JWT 的示例 https://github.com/szerhusenBC/jwt-spring-安全演示

Second way is to use JWT for securing your application. Here is example of using JWT https://github.com/szerhusenBC/jwt-spring-security-demo

这篇关于android 和 ios 的 Spring Boot Rest 安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！