Authentication helps a lot with answering the question about who is accessing the system. However, in most cases, this is not enough as the next challenge to solve is what the authenticated user is allowed to do.
- [Narrator] In the previous video, we learned what…authentication is in the context of web services and APIs.…In this video, we're going to tackle another important…security measure called authorization.…We will be taking at look at authorization as another…mechanism to limit the access to protected resources,…and what Spray Routing DSL can offer with respect…to its support.…When the computer system or web service knows who's…accessing it, it can take one step forward and restrict,…or allow, the requester to perform a particular action.…
Most intuitive example is associating roles with each user…of the system.…Letting administrators to have more freedom…than regular users.…Getting back to book catalog web services, it sounds…like a good idea to let only power users to modify, delete,…create, or update books and publishers from the catalog.…Let us think what we can do about that.…There are many different approaches to the model access…control, ranging from the native to quite complex.…
For the book catalog, we're going to assign every user…
Embark on an exciting journey into the universe of web development using the Scala programming language and frameworks—natural choices for back-end developers building highly scalable, reliable, and reactive RESTful web services and APIs. This training is the starting point for mastering the nonblocking and asynchronous programming models that lie in the heart of the Spray framework. It starts with an introduction to the REST architecture. Then switch gears to the Akka toolkit and framework, building a sample book catalog application along the way.
Once you've learned about the REST architectural style and Actor model—the foundations that the Spray framework is built upon—you'll shape out your own RESTful web services by providing simple route definitions. Further on in the course, author Andriy Redko delves into authentication and authorization, secure transport, documentation, testing, and caching support. Finally, you will learn how to develop the Spray client API to call external web services.
- The Actor model and Akka framework
- RESTful architecture principles and constraints
- Building RESTful services
- Core Spray framework modules such as spray-can, spray-routing, spray-json, spray-caching, and spray-client
- Securing RESTful web services and APIs with Spray
- Configuring Spray applications with HTTPS support
- Documenting Spray RESTful web services using Swagger
- Caching basics
- Calling external RESTful services