-
Notifications
You must be signed in to change notification settings - Fork 0
Protecting your REST API
If you're using Spring as your web development framework of choice, you can easily protect your REST API with a Spring Filter that RSP4J provides.
Before you continue reading the guide, make sure you have the filter dependency installed. If you don't have it installed, head over to our dependency installation guide.
In order to register the Spring Filter, we must extend the AbstractProtectedRouteFilter
class and annotate it with @Component
:
import com.nsoft.api.security.spring.filter.AbstractProtectedRouteFilter;
import com.nsoft.api.security.spring.filter.ProtectedRouteFilterConfiguration;
import com.nsoft.api.security.spring.filter.route.ProtectedRouteRegistry;
import org.springframework.stereotype.Component;
@Component
public class MyRouteFilter extends AbstractProtectedRouteFilter {
@Override
protected void configureFilter(ProtectedRouteFilterConfiguration configuration) {
}
@Override
protected void registerProtectedRoutes(ProtectedRouteRegistry registry) {
}
}
Before the Filter can function properly it needs to be configured. This is done inside the #configureFilter
method.
When configuring the filter, the only required property is the processor configuration, which can be set as follows:
@Override
protected void configureFilter(ProtectedRouteFilterConfiguration configuration) {
configuration.setJWTProcessorConfiguration(new MyProcessorConfiguration());
}
If you don't have a processor configuration ready, please take a look at our Creating a Processor Configuration guide.
To protect your API routes via the filter, they must be explicitly registered in the #registerProtectedRoutes
method:
@Override
protected void registerProtectedRoutes(ProtectedRouteRegistry registry) {
registry.registerRoute("/route1"); // protects route for all HTTP methods
registry.registerRoute("/route2", "GET"); // protects route only for GET requests
registry.registerRoute("/route3/*"); // protects route with * as a placeholder for a single resource
registry.registerRoute("/route4/**"); // protects route with ** as a placeholder for multiple layers of resources
}