This is a book review for Packt Pub’s RESTful Java Web Services Security
RESTful APIs have been the driving force over the last few years to enable a wide range of client applications (mobile or web). Given the world that we live today, securing these endpoints is critical due to the potential damage that the attacker could cause if the endpoints are not secured enough. Material on securing REST services on the web is few and far between.
Packt Pub’s book is catered to address this important topic of security vis-a-vis RESTful Java Web Services. Here are the highlights of the book:
- The book begins by setting up the development environment and the basic sample application. It focuses on JBOSS and the RESTEasy implementation and the idea is to get your REST Service functional and running. This is a simple and effective approach in my opinion.
- The next chapter focuses on various security basics that include authentication, authorization and then Basic and Certificate based authentication. It provides an overview of API Keys for security too.
- The next 3 chapters are focused on RESTEasy and the mechanisms that it has for security your API Endpoints. The coverage includes use of Annotations and programmatic implementation of security. Other topics include OAuth, Digital Signatures and message body encryption.
I particularly liked the methodical approach of covering different areas of security. Not all of these mechanisms will apply to your implementation and hence it is good to look at them separately. If you looking for a good overview of REST Security concepts and if JBOSS/RESTEasy are your tools of choice, this is a good book.