The State of Securing RESTful APIs with Spring
Please log in to watch this conference skillscast.
Learn how to properly secure your RESTful endpoint, explore some common pitfalls when applying security to RESTful API and discover how the new features in Spring Security can greatly simplify securing your RESTful APIs.
The many benefits of a RESTful architecture has made it the standard way in which to design web based APIs. For example, the principles of REST state that we should leverage standard HTTP verbs which helps to keep our APIs simple. Server components that are considered RESTFul should be stateless which help to ensure that they can easily scale. We can leverage caching to gain further performance and scalability benefits.
However, the best practices of REST and security often seem to clash. How should a user be authenticated in a stateless application? How can a secured resource also support caching? Securing RESTful endpoints is further complicated by the the fact that security best practices evolve so rapidly.
In this talk Rob will discuss how to properly secure your RESTful endpoints. Along the way we will explore some common pitfalls when applying security to RESTful APIs. Finally, we will see how the new features in Spring Security can greatly simplify securing your RESTful APIs.
YOU MAY ALSO LIKE:
- Introduction to Security (SkillsCast recorded in November 2014)
- Pivotal's Core Spring (in London on 4th - 7th November 2019)
- London Java Community August Meetup (in London on 28th August 2019)
- London Java Community August (in London on 28th August 2019)
- Distilling Agile for Effective Execution (SkillsCast recorded in April 2019)
- Testing Microservices (SkillsCast recorded in April 2019)
Thanks to our sponsors
The State of Securing RESTful APIs with Spring
Rob Winch
Rob Winch is employed by Pivotal as the project lead of both the Spring Security and Spring LDAP projects. He is also a committer on the core Spring Framework and co-author of the Spring Security 3.1 book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar.
Please log in to watch this conference skillscast.
Learn how to properly secure your RESTful endpoint, explore some common pitfalls when applying security to RESTful API and discover how the new features in Spring Security can greatly simplify securing your RESTful APIs.
The many benefits of a RESTful architecture has made it the standard way in which to design web based APIs. For example, the principles of REST state that we should leverage standard HTTP verbs which helps to keep our APIs simple. Server components that are considered RESTFul should be stateless which help to ensure that they can easily scale. We can leverage caching to gain further performance and scalability benefits.
However, the best practices of REST and security often seem to clash. How should a user be authenticated in a stateless application? How can a secured resource also support caching? Securing RESTful endpoints is further complicated by the the fact that security best practices evolve so rapidly.
In this talk Rob will discuss how to properly secure your RESTful endpoints. Along the way we will explore some common pitfalls when applying security to RESTful APIs. Finally, we will see how the new features in Spring Security can greatly simplify securing your RESTful APIs.
YOU MAY ALSO LIKE:
- Introduction to Security (SkillsCast recorded in November 2014)
- Pivotal's Core Spring (in London on 4th - 7th November 2019)
- London Java Community August Meetup (in London on 28th August 2019)
- London Java Community August (in London on 28th August 2019)
- Distilling Agile for Effective Execution (SkillsCast recorded in April 2019)
- Testing Microservices (SkillsCast recorded in April 2019)
Thanks to our sponsors
The State of Securing RESTful APIs with Spring
Rob Winch
Rob Winch is employed by Pivotal as the project lead of both the Spring Security and Spring LDAP projects. He is also a committer on the core Spring Framework and co-author of the Spring Security 3.1 book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar.