cainawuha
commented
3 years ago Using Spring Security to secure RESTful-WS is a three-step process: First, in the web application deployment descriptor (web.xml), a security filter named springSecurityFilterChain needs to be added add a Spring configuration class for security where we will declare who can access the application and what they are allowed to do, The filter springSecurityFilterChain is used to enable Spring Security to intercept the HTTP request for an authentication and authorization check. Because we want to secure only RESTful-WS, the filter is applied only to the URL pattern /rest/*hasRole("REMOTE").anyRequest().authenticated()
REST defines a set of architectural constraints that together describe a uniform interface for accessing resources
The @ResponseBody annotation instructs that all the return values from the methods should be written to the HTTP response stream directly and not matched to a view.
An httpInvokerServiceExporter bean is for exporting Spring bean as a service via the HTTP invoker
Spring web applications follow the Front Controller design pattern,4 where all requests are received by a single controller, which later dispatches them to the appropriate handlers (controller classes). This central dispatcher is an instance of org.springframework.web.servlet.DispatcherServlet
For Spring-based applications, the RestTemplate class is designed to access RESTful web services.