Spring Security Authentication with REST API?
Question
I have a Grails backend that provides a REST api. My mobile app accesses this REST Api to obtain data from the server. The authentication, login and logout should be done with Spring Security.
This works great for Desktop users because I serve the pages that I build on my server.
How do I have to use Spring Security for my REST Controller to get the authentication, login and logout working?
2 answers
solution1
4 2013-11-20 21:35:44
If you're providing a REST API, there is likely no need to implement login and logout. In terms of authentication, generally the easiest thing to do is to use HTTP Basic. Spring Security supports Basic out of the box, so that shouldn't be a problem for you.
Here's a good read from Erwin Vervaet's blog about setting up Grails to use HTTP Basic authentication .
solution2
3 2013-11-21 03:53:47
Please see How does Spring Security sessions work? to make sense spring security sessions. Your mobile app doesn't provide cookies as browsers on desktop do for you. So you could consider including jsessionid in each mobile request after first login, this is to leverage full authorization and authentication support in spring security than basic auth could do.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.