• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Login/https over spring - REST ?

 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are planning to put up a bunch of rest services. But the thing that we want to implement is -
1. Authenticate a user over a login screen.
2. Subsequently proceed with https connection.

The services are all REST based and we don't want to ask user to enter login-password for every request?

Basically, we are looking for a login/logoff functionality for an application running over REST and Spring framework.
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How are you implementing the REST client?
 
Mag Wells
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
here is the flow -

html pg --> web server(tomcat) --->rest services ---> db

The rest services are bundled in web server.
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What's a "web pg"?

In any case, that doesn't actually help us much. If you're talking to REST services from within web pages, and you can only access those pages if you're logged in, you're already done. If the web services are available externally, then you'd just need to pass something around, like a session token, and keep it in the web session.
 
Mag Wells
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok. I think I need to give more information.

Thing is we have planned to develop REST services for various kind of information we have.
Now, we have to bring up a web interface as well for CRUD operations. The requirement is that only authenticated and authorized users should be able to perform such operations. So, how do we go about this ?

So now, to keep credentials in session, we'll have to develop a layer, possibly web layer over the existing REST services ? This layer would be consumer/client of REST services ? Is there any other way to do without session thing ? I mean directly calling REST Services say for example the web interface like javascript at the same time authenticating user ?

I don't want user to enter the credentials again and again .. i mean for every request.

-Mag
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Did you read my original reply?
 
Mag Wells
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

David Newton wrote:What's a "web pg"?

you can only access those pages if you're logged in, you're already done. If the web services are available externally, then you'd just need to pass something around, like a session token, and keep it in the web session.



Yep, I read that. But thats the doubt. Basically, this is what I want to implement.

So say for example I have a login page. The user enters the credentials (username/passwd).
I authenticate/validate the user.
Now user has access to various webpages. say account.html
1. after authentication, everything should be over https protocol.
2. The javascripts in account.html (for example) generating the service requests should be over https protocol.
3. Further, when the request like GET /accounts is generated it should go over https and the receiving endpoint should authenticate the user/request.

are there any pointers/tutorials you know ... i am not sure about doing https over spring. just started with it. May be there are better ideas or frameworks to implement the same.
 
Mag Wells
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
my problem is something similar to what is stated here -
http://forum.springsource.org/showthread.php?t=85179
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic