Securing a REST API in Grails using SSL Cert Auth.

Securing a REST API in Grails using SSL Cert Auth.

Markus Plänitz

Hi,

I searched a lot, but I didn't find anything which is helpful for what I need to do.

I want to secure a RESTful web service (written in Grails) with SSL certificate authentication, so I can see who is sending those requests based on the client certificate. What I have found is the other way around, using HTTPBuilder to log into web services which need cert auth, but I really have no clue how to secure and authenticate clients using my REST API.

Maybe someone can push me in the right direction.

Thank you in advance,

Markus

Re: Securing a REST API in Grails using SSL Cert Auth.

lo_toad
Not sure if it does everything you want but the Spring Security Plugin by Burt Beckwith has allowed me to secure a REST service with HTTPS SSL http://www.grails.org/plugin/spring-security-core

Make sure you set the correct port settings in Config.groovy if you are fronting Tomcat with Apache:

grails.plugins.springsecurity.portMapper.httpPort = 80
grails.plugins.springsecurity.portMapper.httpsPort = 443

The ease of doing things like this makes me love Grails!

Jim.
AW: [grails-user] Re: Securing a REST API in Grails using SSL Cert Auth.

Markus Plänitz
Hi Jim,

SSL itself is not a problem; what I want to do is authenticate a client who
is using this REST API, so that I can give him only the information (via
API) he has a right to get.

The setting is that multiple servers will be using this REST API and I need
to know which server is asking and to make sure that this server is not
pretending to be someone else. Using user + password is one possibility for
that, but not the most secure way to do it, I think.

Sorry if I was a little bit unclear in my first mail.

But anyway, thanks for your idea!

Markus



-----Original Message-----
From: lo_toad [mailto:[hidden email]]
Sent: Thursday, 24 February 2011 17:53
To: [hidden email]
Subject: [grails-user] Re: Securing a REST API in Grails using SSL Cert Auth.


Not sure if it does everything you want but the Spring Security Plugin by
Burt Beckwith has allowed me to secure a REST service with HTTPS SSL
http://www.grails.org/plugin/spring-security-core

Make sure you set the correct port settings in Config.groovy if you are
fronting Tomcat with Apache:

grails.plugins.springsecurity.portMapper.httpPort = 80
grails.plugins.springsecurity.portMapper.httpsPort = 443

The ease of doing things like this makes me love Grails!

Jim.
--
View this message in context:
http://grails.1312388.n4.nabble.com/Securing-a-REST-API-in-Grails-using-SSL-Cert-Auth-tp3322794p3322939.html
Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email




Re: Securing a REST API in Grails using SSL Cert Auth.

Sebastian Esch
Hi Markus,

Spring Security should be able to do what you want.
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/x509.html

I don't know if the Spring Security Core Plugin supports X.509 Client
Authentication. It would at least provide a starting point.

Cheers,
Sebastian

Re: Securing a REST API in Grails using SSL Cert Auth.

burtbeckwith
See section "9.2 Certificate (X509) Login Authentication" in http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/

Burt
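
As an added example (not part of Burt's post and not the plugin's own code), the Groovy script below shows the plugin's X.509 settings and how the subject-DN regex turns a client certificate's subject into a username. The host names, role names and account map are constructed, `usernameFrom` is a hypothetical helper, and one account per calling server in the user store is an assumption.

```groovy
import java.util.regex.Pattern

// Text as it would appear in grails-app/conf/Config.groovy; ConfigSlurper is
// used only so this script runs outside a Grails application.
def config = new ConfigSlurper().parse('''
grails.plugins.springsecurity.useX509 = true
// Group 1 of the match becomes the username. The end-of-string branch also
// matches a CN that is the last component of the subject DN.
grails.plugins.springsecurity.x509.subjectDnRegex = 'CN=(.*?)(?:,|$)'
// Fail the request when certificate authentication is attempted and fails,
// rather than passing it on to other login mechanisms.
grails.plugins.springsecurity.x509.continueFilterChainOnUnsuccessfulAuthentication = false
''')
// The container must also ask for client certificates, e.g. Tomcat's HTTPS
// connector with clientAuth="true" and a truststore holding the issuing CA;
// otherwise no certificate ever reaches the application.

// Hypothetical helper: applies the regex the way a subject-DN extractor does
// (case-insensitive find, group 1 is the username).
String usernameFrom(String subjectDn, String regex) {
    def m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(subjectDn)
    m.find() ? m.group(1) : null
}

// Constructed stand-in for the user store (assumption: one account per server).
def accounts = [
    'billing01.example.internal': ['ROLE_BILLING_API'],
    'reports01.example.internal': ['ROLE_REPORTS_API'],
]

// Constructed subject DNs, in the two orderings a certificate may present.
def subjects = [
    'CN=billing01.example.internal, OU=Servers, O=Example',
    'O=Example, OU=Servers, CN=reports01.example.internal',
    'CN=unknown01.example.internal, OU=Servers, O=Example',
]

String regex = config.grails.plugins.springsecurity.x509.subjectDnRegex
subjects.each { dn ->
    def user = usernameFrom(dn, regex)
    def roles = accounts[user]
    def outcome = roles ? "authenticated as ${user} with ${roles}" : 'rejected (no matching account)'
    println "${dn} -> ${outcome}"
}

// A pattern that requires a trailing comma misses a CN in last position,
// so that server would never be authenticated.
def cnLast = 'O=Example, OU=Servers, CN=reports01.example.internal'
assert usernameFrom(cnLast, 'CN=(.*?),') == null
assert usernameFrom(cnLast, regex) == 'reports01.example.internal'
```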

Re: Securing a REST API in Grails using SSL Cert Auth.

Bernardo Gomez Palacio
Follow Burt's guide. In addition to this you can leverage the grails-rest plugin for the clients which already has support for keys and trust stores (http://www.grails.org/plugin/rest)

Config.groovy

/** SSL truststore configuration key if needed.*/
rest.https.truststore.path = '/your/path/certs/truststore.jks'
/** SSL keystore configuration key */
rest.https.keystore.path='/your/path/certs/keystore.jks'
/** SSL keystore password configuration key */
rest.https.keystore.pass='changeme'
/** Certificate Hostname Verifier configuration key */
rest.https.cert.hostnameVerifier = 'BROWSER_COMPATIBLE'
/** Enforce SSL Socket Factory */
rest.https.sslSocketFactory.enforce = true

Bernardo.

On Thu, Feb 24, 2011 at 11:15 AM, Burt Beckwith <[hidden email]> wrote:
> See section "9.2 Certificate (X509) Login Authentication" in http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/
>
> Burt


AW: [grails-user] Re: Securing a REST API in Grails using SSL Cert Auth.

Markus Plänitz

Thank you all for your help, I will try that now.  I hope you don’t mind if I come back with further questions if there are any.

 

Markus

From: Bernardo Gomez Palacio [mailto:[hidden email]]
Sent: Thursday, 24 February 2011 21:53
To: [hidden email]
Subject: Re: [grails-user] Re: Securing a REST API in Grails using SSL Cert Auth.


Follow Burt's guide. In addition to this you can leverage the grails-rest plugin for the clients which already has support for keys and trust stores (http://www.grails.org/plugin/rest)

Config.groovy

 
/** SSL truststore configuration key if needed.*/
rest.https.truststore.path = '/your/path/certs/truststore.jks'
/** SSL keystore configuration key */
rest.https.keystore.path='/your/path/certs/keystore.jks'
/** SSL keystore password configuration key */
rest.https.keystore.pass='changeme'
/** Certificate Hostname Verifier configuration key */
rest.https.cert.hostnameVerifier = 'BROWSER_COMPATIBLE'
/** Enforce SSL Socket Factory */
rest.https.sslSocketFactory.enforce = true 

 

Bernardo.

 


Re: AW: [grails-user] Re: Securing a REST API in Grails using SSL Cert Auth.

Bernardo Gomez Palacio

Wouldn't mind at all :)
On Feb 24, 2011 11:26 PM, "Markus Plänitz" <[hidden email]> wrote:
>
> Thank you all for your help, I will try that now.  I hope you don’t mind if I come back with further questions if there are any.
>
>  
>
> Markus