I have to secure my restful web services so that if any one will get uri of my restful web services then also with the help of that uri any one cant access my restful web services . I want to design a restful web services in such a way that only my dynamic web application running in different server can access my restful web services . I am doing this by setting authentication header , I am putting username of the user in authentication header and in restful web services i am checking these value from the data base , this is like session management , i am confuse whether this is good approach , because we should not mention session in restful web services .
second thing is that i am putting some encoded string in authentication header and we will also check these value in the filter of restful web services , for protecting from third party , is this approach is good , if not can you tell me the good approach , Thanks
Aucun commentaire:
Enregistrer un commentaire