I am developing a Spring web application in which the JSP pages don't contain the data directly; instead, after the JSPs are loaded, I make REST calls using AJAX and interact with the server. The main requirement of my customer is that the server remain stateless and that the username and password should not be stored in plain text on the client. I have looked at various examples which authenticate Web and REST services separately. I need a unified solution. If anyone can help me I would really appreciate it. I have spent almost a week now trying to come up with a solution. Thanks
Viewed 4,630 times
0
-
Could you share what things you tried or which examples you referred to? – DevelopmentIsMyPassion Feb 25 '14 at 20:50
-
I have looked into: http://www.baeldung.com/2011/10/31/securing-a-restful-web-service-with-spring-security-3-1-part-3/ , http://stackoverflow.com/questions/18205436/spring-mvc-spring-security-login-with-a-rest-web-service , http://stackoverflow.com/questions/10826293/restful-authentication-via-spring , http://krams915.blogspot.in/2010/12/spring-security-mvc-integration.html – Karan K Feb 26 '14 at 03:26
1 Answer
1
What you need is just to use a token for authorization. On successful authentication you can issue a token, validate all the REST API calls with that token, and store the token in a cookie on the client side and in the DB on the server side as well. On a logout request, invalidate the token. You can do this in the Spring Security filter chain. I don't know how much you have achieved so far. The following link may be useful
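A sketch of the token lifecycle the answer describes (issue on login, validate per REST call, invalidate on logout), added here as an example and not code from the answer or from Spring Security. The class `TokenService`, the cookie name `AUTH-TOKEN`, and the in-memory map standing in for the database table are assumptions, as is the choice to store only a SHA-256 hash of the token server-side; it needs Java 16+ for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical token service; the map stands in for the database table.
public class TokenService {
    private record Entry(String username, Instant expires) {}
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Entry> table = new ConcurrentHashMap<>();

    // Call only after the username/password check has succeeded.
    public String issue(String username, long ttlSeconds) {
        byte[] raw = new byte[32];                     // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        table.put(sha256(token), new Entry(username, Instant.now().plusSeconds(ttlSeconds)));
        return token;                                  // only the hash is kept server-side
    }

    // Call from the security filter on every REST request; empty means reject.
    public Optional<String> validate(String token) {
        if (token == null || token.isEmpty()) return Optional.empty();
        String key = sha256(token);
        Entry e = table.get(key);
        if (e == null) return Optional.empty();
        if (Instant.now().isAfter(e.expires())) { table.remove(key); return Optional.empty(); }
        return Optional.of(e.username());
    }

    // Logout: after this the token no longer validates.
    public void revoke(String token) { if (token != null) table.remove(sha256(token)); }

    // Set-Cookie value: HttpOnly keeps the token away from page scripts, Secure limits it to HTTPS.
    public static String cookieHeader(String token, long ttlSeconds) {
        return "AUTH-TOKEN=" + token + "; Max-Age=" + ttlSeconds + "; Path=/; Secure; HttpOnly; SameSite=Strict";
    }

    private static String sha256(String s) {
        try {
            return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }
}
```

In a Spring Security setup, `validate` would be called from a custom filter (for example one extending `OncePerRequestFilter`) that reads the cookie and populates the security context, so the same check covers both the JSP pages and the AJAX REST calls.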