Treffer: Varovanje programskih vmesnikov spletnih storitev v sodobnih porazdeljenih sistemih s protokolom OpenID Connect: diplomsko delo

In this thesis we have described how to protect the access points in our web application. We secured them by adding an authorization layer, which checks for user privileges on every call made on the access points. This was achieved by using protocol OpenID Connect, which is implemented by the opensource service Keycloak. For demonstration purposes, we prepared a web application built in Spring Boot framework and written in the Java programming language. After evaluating the usage of protected end-points, we have deducted that protocol OpenID Connect is a simple and appropriate solution for authorization purposes. For an extra layer of security, OpenID Connect offers additional functionality with the possibility of authenticating users, but that was not the purpose of this project.
V diplomskem delu smo opisali, kako zavarovati dostopne točke spletnih aplikacij v porazdeljenih sistemih. Zavarovali smo jih s slojem avtorizacije, ki ob vsakem poskusu klica dostopnih točk preveri dovoljenja klicatelja. To smo dosegli s protokolom OpenID Connect, ki ga implementira odprtokodna rešitev Keycloak. Za prikaz delovanja varovanja v različnih scenarijih smo pripravili spletno aplikacijo, zgrajeno v aplikacijskem ogrodju Spring Boot in napisano v jeziku Java. Po analizi uporabe dostopnih točk preko varnostnega sloja smo ugotovili, da je protocol OpenID Connect enostavna in primerna rešitev za avtoriziranje zunanjih uporabnikov. Za dodaten nivo varnosti OpenID Connect ponuja rešitev za avtentikacijo uporabnikov, kar pa ni bil cilj naloge.