Spring Security - Rest API

Question

I am new to spring security

I have a front end application built using vuejs which calls spring rest api to interact with the backend system.

I have a login page where user enters the password. I want to be able to authorise the user if his login is correct and for the subsequent request authorise him with rememberMe token.

I know there is a lot of information available on the topic but

What is the right way to implement? Should i use basic authentication ? If I am using basic authentication , how should i set up remember me along with basic authentication?

Should the authentication be handled in post call instead of using a auth filter?

Answer 1

Here are two scenario

• If your front-end is built on any frontend framework and it's not dependent on any Server Pages(eg JSP, Freemarker, velocity) or you want your frontend application to connect to your backend application through web services(Rest web service or SOAP web service) then you need to implement your own token base authentication with help of spring security instead of Basic Authentication of Spring security.

• Else you should go with Spring Security Basic authentication, for implement Remember-me with spring security, Spring Security provides two implementations for Remember-Me :

  1: Simple Hash-Based Token Approach: It uses hashing to preserve the security of cookie-based tokens

  2: Persistent Token Approach: It uses a database or other persistent storage mechanism to store the generated tokens

Here is spring remember-me doc for it