I'm new to Dropwizard and I've been trying to wrap my head around how authentication and authorisation work.
Up until recently I've bene using Play! 1.2.X to deploy my REST APIs and used the Play! Secure and Deadbolt modules to handle security.
I'm not using BasicAuth or OAuth; I plan on mimicking the approach I've used in Play!: once the user has logged in a "token" is put into a session cookie and that session cookie is passed between each subsequent request and response. If the session cookie is tampered with in anyway then it is immediately invalidated and the user most log in again.
I've seen similar questions before, and peeskillet's answer to this question really helped clear a few things up. However I still have a few questions of my own:
- As I understand it, Dropwizard 0.9.0 brought about some major changes to authentication, so what are the main differences? Are there examples of how authentication works now?
- Like I said, I intend on using the approach outlined above, so how would I implement that behaviour in Dropwizard? Are there any examples of this approach already implemented?
