Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Modern API Development with Spring 6 and Spring Boot 3

You're reading from   Modern API Development with Spring 6 and Spring Boot 3 Design scalable, viable, and reactive APIs with REST, gRPC, and GraphQL using Java 17 and Spring Boot 3

Arrow left icon
Product type Paperback
Published in Sep 2023
Publisher Packt
ISBN-13 9781804613276
Length 494 pages
Edition 2nd Edition
Languages
Tools
Concepts
Arrow right icon
Author (1):
Arrow left icon
Sourabh Sharma Sourabh Sharma
Author Profile Icon Sourabh Sharma
Sourabh Sharma
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Part 1 – RESTful Web Services
2. Chapter 1: RESTful Web Service Fundamentals FREE CHAPTER 3. Chapter 2: Spring Concepts and REST APIs 4. Chapter 3: API Specifications and Implementation 5. Chapter 4: Writing Business Logic for APIs 6. Chapter 5: Asynchronous API Design 7. Part 2 – Security, UI, Testing, and Deployment
8. Chapter 6: Securing REST Endpoints Using Authorization and Authentication 9. Chapter 7: Designing a User Interface 10. Chapter 8: Testing APIs 11. Chapter 9: Deployment of Web Services 12. Part 3 – gRPC, Logging, and Monitoring
13. Chapter 10: Getting Started with gRPC 14. Chapter 11: gRPC API Development and Testing 15. Chapter 12: Adding Logging and Tracing to Services 16. Part 4 – GraphQL
17. Chapter 13: Getting Started with GraphQL 18. Chapter 14: GraphQL API Development and Testing 19. Index 20. Other Books You May Enjoy

Securing REST Endpoints Using Authorization and Authentication

In previous chapters, we developed a RESTful web service using imperative and reactive coding styles. Now, you’ll learn how you can secure these REST endpoints using Spring Security. You’ll implement token-based authentication and authorization for REST endpoints. A successful authentication provides two types of tokens – a JavaScript Object Notation (JSON) Web Token (JWT) as an access token, and a refresh token in response. This JWT-based access token is then used to access the secured Uniform Resource Locators (URLs). A refresh token is used to request a new JWT if the existing JWT has expired, and a valid request token provides a new JWT to use.

You’ll associate users with roles such as admin and user. These roles will be used as authorization to make sure that REST endpoints can only be accessed if a user holds certain roles. We’ll also briefly discuss cross-site request forgery...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime