REST Web service. Making service system not accessible
I have REST Web service written in Java. Now I want to disable Web service such as services (GET methods) won't be accessible over URI or by application. That means I still can access the service program over Web browser but other people would not be able to invokes service methods with URI or other programs. I want to keep the structure of the program the same, but make it like Web application; I do not wa开发者_JS百科nt to rewrite it. For example, you can't make the service methods private because then you can't run the program assessing via the browser. What are your solutions? Cheers
there is no reliable way to do this. You could require a request header for user-agent, but nothing stops a minimally savvy user from just putting a false request header on the request, regardless of the tool they are using.
you should instead focus on implementing proper security via authentication and authorization. There are plenty of tools out there that you can use.
精彩评论