You're reading from  Modern API Development with Spring 6 and Spring Boot 3 - Second Edition

Product type: Book
Published in: Sep 2023
Reading level: Intermediate
Publisher: Packt
ISBN-13: 9781804613276
Edition: 2nd Edition
Author: Sourabh Sharma

Sourabh Sharma is a Senior Development Manager at Oracle with over 20 years of experience in the industry. He is a manager and architect who has been designing on-premise and cloud-based applications using Java, Javascript, and Oracle DB. Sourabh has worked with leading companies and delivered enterprise products and applications. His expertise lies in conceptualizing, modeling, designing, and developing N-tier and cloud-based web applications while leading teams. Sourabh's experience also includes developing microservice-based solutions and implementing various types of workflow and orchestration engines. He believes in continuous learning and sharing knowledge through his books and training.

Securing REST APIs with JWT

In this section, you’ll secure the REST endpoints exposed in Chapter 4, Writing Business Logic for APIs. You’ll start from the Chapter 4 code and enhance it to secure the APIs.

The REST APIs should be protected using the following techniques:

  • No secure API should be accessed without a JWT.
  • A JWT can be generated using sign-in/sign-up or a refresh token.
  • A JWT and a refresh token should only be provided for a valid user’s username/password combination or a valid user sign-up.
  • The password should be stored in an encoded format using the strong bcrypt hashing function.
  • The JWT should be signed with Rivest-Shamir-Adleman (RSA) keys with a strong algorithm.

RSA

RSA is an algorithm approved in the Federal Information Processing Standards (FIPS) publication FIPS 186 for digital signatures and in Special Publication (SP) SP800-56B for key establishment.

  • Claims in the payload should not store sensitive...
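
The RSA-signing requirement in the list above, shown as an added example that is not code from the book: it signs and verifies a JWT with RS256 using only JDK classes. The class name `Rs256JwtDemo`, the sample claims and the exact-header check are assumptions made for illustration; expiry (`exp`) validation is left out to keep the focus on the signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example (hypothetical class name): RS256 JWT signing and verification with the JDK only.
public class Rs256JwtDemo {
  private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
  private static final String HEADER = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";

  static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

  // Signs base64url(header) + "." + base64url(payload) with RSASSA-PKCS1-v1_5 and SHA-256.
  static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
    String signingInput = b64(HEADER) + "." + b64(payloadJson);
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(key);
    s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
    return signingInput + "." + B64.encodeToString(s.sign());
  }

  // Accepts a token only if its header is exactly the RS256 header this issuer emits
  // (the token never gets to choose the algorithm) and the RSA signature is valid.
  static boolean verify(String token, PublicKey key) throws GeneralSecurityException {
    String[] parts = token.split("\\.", -1);
    if (parts.length != 3 || !parts[0].equals(b64(HEADER))) return false;
    try {
      Signature s = Signature.getInstance("SHA256withRSA");
      s.initVerify(key);
      s.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
      return s.verify(Base64.getUrlDecoder().decode(parts[2]));
    } catch (IllegalArgumentException | SignatureException e) {
      return false; // malformed base64url or badly sized signature
    }
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair kp = gen.generateKeyPair();
    // Constructed sample claims: identifiers only, no password or other secret.
    String token = sign("{\"sub\":\"user-1\",\"roles\":[\"USER\"],\"exp\":1893456000}", kp.getPrivate());
    System.out.println("valid token accepted: " + verify(token, kp.getPublic()));
    String[] p = token.split("\\.");
    String changed = p[0] + "." + b64("{\"sub\":\"user-2\",\"roles\":[\"USER\"]}") + "." + p[2];
    System.out.println("modified payload accepted: " + verify(changed, kp.getPublic()));
    String otherAlg = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + p[1] + "." + p[2];
    System.out.println("non-RS256 header accepted: " + verify(otherAlg, kp.getPublic()));
  }
}
```

Only the first check prints `true`. The payload is base64url-encoded, not encrypted, so anyone holding the token can read the claims.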