1

I've a small architecture as follows :

  • Client-App (using GWT)
  • RESTful-services (using Spring)

Client can communicate with services through ProxyServlet to avoid 'Same-Origin-Policy' because they were deployed as different applications (WAR)

The RESTful-services were secured using Spring-Security, and also the Client-App

The question is, how to sign-in in one application (say client), and use that session to make calls on the other app?

Mohamed Shaaban
  • 1,129
  • 6
  • 13
  • GWT calls are basically HTTP requests. So if you authenticate your HTTP requests once with Spring Security it should also apply to any call made from the GWT client side. – Ümit Oct 25 '12 at 08:07
  • But the 2 different apps deployed on 2 different servers, and the granted ticket were granted for one of them (as a Cookie), not both. is there a way to make Proxy with form authentication or something like that? – Mohamed Shaaban Oct 30 '12 at 06:36
  • ok however a true restful service should be stateless and thus there shouldn't be a session cookie. I guess you can use some proxy settings to pass on the authentication cookie. However also try to look into ["true" restful authentication](http://stackoverflow.com/questions/319530/restful-authentication). – Ümit Oct 30 '12 at 07:57

0 Answers0