Hi, security and how people hack is not something I know a lot about. I have implemented a simple authorization, where a request to a service is only allowed if the header contains a JSTLToken that contains the correct id information.
I am wondering whether there is a possibility of intercepting requests and extracting all the header information.
I am not sure if it is a problem, but currently, when a request is made, the security token is added to the request:
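    import java.util.Enumeration;
    import org.springframework.http.HttpEntity;
    import org.springframework.http.HttpHeaders;

    // Copy every Authorization header value from the incoming request onto the outgoing call
    Enumeration<String> names = request.getHeaders("authorization");
    log.info("Calling " + authorizationServer);
    if (names.hasMoreElements()) {
        HttpHeaders headers = new HttpHeaders();
        while (names.hasMoreElements()) {
            String token = names.nextElement();
            // This writes the raw token value to the application log
            log.info("AUTHORISATION " + token);
            headers.add(HttpHeaders.AUTHORIZATION, token);
        }
        // Request entity carrying the copied headers
        HttpEntity<String> httpHeaders = new HttpEntity<String>("parameters", headers);
    }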
Is this a safe and secure way to pass a token via the header?
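A defensive take on the forwarding step in the question, as an added example that is not part of the original post: it forwards only a single well-formed Bearer value, refuses an authorization server that is not reached over HTTPS (the protection against interception on the network path), and logs a hash prefix instead of the token. It uses only the JDK (Java 17 for `HexFormat`); the class name, method names and sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.List;
import java.util.Optional;

public class TokenForwarding {

    /** Returns the one bearer token to forward, or empty if the call must be refused. */
    static Optional<String> tokenToForward(List<String> authorizationValues, URI target) {
        // Over plain HTTP every header, including the token, is readable on the network path.
        if (!"https".equalsIgnoreCase(target.getScheme())) return Optional.empty();
        // Several Authorization values are ambiguous: refuse instead of forwarding them all.
        if (authorizationValues.size() != 1) return Optional.empty();
        String value = authorizationValues.get(0).trim();
        if (!value.regionMatches(true, 0, "Bearer ", 0, 7)) return Optional.empty();
        String token = value.substring(7).trim();
        // Accept only the b64token alphabet from RFC 6750; rejects whitespace and CR/LF.
        if (!token.matches("[A-Za-z0-9\\-._~+/]+=*")) return Optional.empty();
        return Optional.of(token);
    }

    /** Short SHA-256 prefix for log correlation; the token itself never reaches the log. */
    static String fingerprint(String token) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(token.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(digest, 0, 6);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials or real hosts.
        URI https = URI.create("https://auth.example.internal/check");
        URI http = URI.create("http://auth.example.internal/check");
        List<String> one = List.of("Bearer aaaa.bbbb.cccc");
        List<String> two = List.of("Bearer aaaa.bbbb.cccc", "Basic dXNlcjpwYXNz");

        System.out.println("https, one value : " + tokenToForward(one, https).isPresent());
        System.out.println("http, one value  : " + tokenToForward(one, http).isPresent());
        System.out.println("https, two values: " + tokenToForward(two, https).isPresent());
        Optional<String> token = tokenToForward(one, https);
        if (token.isPresent()) {
            // Log a fingerprint for correlation, then set "Bearer " + token on the outgoing call.
            System.out.println("forwarding token sha256:" + fingerprint(token.get()));
        }
    }
}
```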