Effective & Secure Method to populate Access Token for authorization header in Rest Template
I am trying to consume a REST endpoint by using the RestTemplate library provided by the Spring framework.
The endpoint also demands a Bearer access token as its Authorization header, which is only obtained as the response from a user authentication endpoint, which in turn expects an encoded Basic Auth value in its header.
This is the high-level implementation that I have done thus far:
```java
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
headers.setBearerAuth(fetchAccessToken());
HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);
ResponseEntity<?> result = this.restClient.exchange(urlToConsume, HttpMethod.GET, entity, String.class);
```
The `fetchAccessToken` method is implemented as follows:
```java
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setBasicAuth(externalDestination.getClientId(),
                     externalDestination.getClientSecret());
HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);
ResponseEntity<?> result = restClient.exchange(authUrl, HttpMethod.GET, entity, String.class);
// and thereby fetching 'access_token' from the successful response
```
I want to know whether there is any cleaner way to replicate the above task of dealing with multiple REST calls to accomplish a single task.
Also, I want to know whether I am missing out on any essential validations from a security point of view.
java security rest spring spring-mvc
asked Apr 2 at 7:07 by nithin pankaj
Do you need to fetch the bearer token every time? Isn't it valid for some time after issuing, so you can cache it?
– TomG
Apr 2 at 17:26
@TomG Presently, the function determines whether or not to call the token endpoint by checking whether the previous token has passed its expiry time.
– nithin pankaj
Apr 2 at 18:20
1 Answer
You can have an interceptor on RestTemplate. It will be called for each request. You can have the access token logic within the interceptor. You can also implement caching so that you do not fire two requests for each task. In case the token expires (401 response), you can regenerate the token.
```java
import java.io.IOException;
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;

@Component
class MyInterceptor implements ClientHttpRequestInterceptor {
    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                        ClientHttpRequestExecution execution) throws IOException {
        HttpHeaders headers = request.getHeaders();
        // someCachedService (a placeholder) returns the cached token, refreshing it once it has expired
        headers.setBearerAuth(someCachedService.getBearerToken());
        ClientHttpResponse response = execution.execute(request, body);
        // handle unauthorized request (401): refresh the token and retry
        return response;
    }
}

@Bean
RestTemplate restTemplate(MyInterceptor interceptor) {
    RestTemplate restTemplate = new RestTemplate();
    restTemplate.setInterceptors(Arrays.asList(interceptor));
    return restTemplate;
}
```
answered Apr 3 at 4:55 by sidgate
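The cache-and-refresh approach from the answer and the comments, written out as an added example (not code from the question or the answer): `TokenCache`, `BearerInterceptor`, the token URL, client id/secret and `apiHost` are hypothetical names, and the token endpoint is assumed to accept the OAuth2 client-credentials grant and return JSON with `access_token` and `expires_in`. It goes slightly beyond the post by refreshing a little before expiry, retrying once on 401, and attaching the token only to the host it was issued for; it also uses POST for the token request rather than the GET in the question.

```java
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.MediaType;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/** Hypothetical token cache: holds one token and refreshes it shortly before it expires. */
class TokenCache {
    private static final Duration SKEW = Duration.ofSeconds(30); // refresh early; absorbs clock drift
    private final RestTemplate plainClient = new RestTemplate(); // no interceptor, so no recursion
    private final String tokenUrl, clientId, clientSecret;
    private String token;
    private Instant expiresAt = Instant.EPOCH;
    TokenCache(String tokenUrl, String clientId, String clientSecret) {
        this.tokenUrl = tokenUrl; this.clientId = clientId; this.clientSecret = clientSecret;
    }
    /** synchronized: concurrent callers share one refresh instead of each hitting the token endpoint. */
    synchronized String get(boolean forceRefresh) {
        if (forceRefresh || Instant.now().isAfter(expiresAt.minus(SKEW))) refresh();
        return token;
    }
    private void refresh() {
        HttpHeaders h = new HttpHeaders();
        h.setBasicAuth(clientId, clientSecret); // client credentials travel only in this header
        h.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "client_credentials");
        // POST, not GET: a token request carried in a query string would land in access logs and proxies
        Map<?, ?> body = plainClient.postForObject(tokenUrl, new HttpEntity<>(form, h), Map.class);
        token = (String) body.get("access_token");
        expiresAt = Instant.now().plusSeconds(((Number) body.get("expires_in")).longValue());
    }
}

class BearerInterceptor implements ClientHttpRequestInterceptor {
    private final TokenCache cache;
    private final String apiHost;
    BearerInterceptor(TokenCache cache, String apiHost) { this.cache = cache; this.apiHost = apiHost; }
    @Override
    public ClientHttpResponse intercept(HttpRequest req, byte[] body, ClientHttpRequestExecution exec) throws IOException {
        // Attach the token only to the host it was issued for, so a shared RestTemplate cannot leak it elsewhere
        if (!apiHost.equalsIgnoreCase(req.getURI().getHost())) return exec.execute(req, body);
        req.getHeaders().setBearerAuth(cache.get(false));
        ClientHttpResponse resp = exec.execute(req, body);
        if (resp.getStatusCode().value() == 401) { // token revoked early: refresh once and retry (fine for GET)
            resp.close();
            req.getHeaders().setBearerAuth(cache.get(true));
            resp = exec.execute(req, body);
        }
        return resp;
    }
}
```

Register `BearerInterceptor` with `restTemplate.setInterceptors(...)` exactly as the answer's bean does; the interceptor sees the raw 401 before RestTemplate's error handler runs, which is what makes the single retry possible.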