Chapter 5. Securing a Restlet application

This chapter covers

  • Securing the communication
  • Authenticating the remote user
  • Assigning roles to the authenticated user
  • Authorizing the user to perform actions on the system
  • Ensuring end-to-end integrity of the data

In chapter 3 you saw how to deploy a Restlet application on premises, but this application was freely accessible to any client. In the real world free accessibility is rarely desirable, and a point comes when you need to take security into account. This chapter covers how to secure a Restlet application. We address the issue of securing the communication between the client and the server by using transport level security that can ensure confidentiality and integrity of the exchange.

Then we go through three related notions: authentication, assignment of roles, and authorization. The section on authentication guides you through verifying the identity of the remote user. The section on role assignments shows how remote users may be mapped into the system’s overall identity management structures, specifically via roles in the application. The section on authorization shows how to grant or deny users permission to perform an action, depending on their authentication status and on the action they wish to perform.

5.1. Ensuring transport confidentiality and integrity

5.2. Authenticating users

5.3. Assigning roles to authenticated users

5.4. Authorizing user actions

5.5. Ensuring end-to-end integrity of data

5.6. Summary