aspose file tools*
The moose likes Spring and the fly likes Login/https over spring - REST ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Login/https over spring - REST ?" Watch "Login/https over spring - REST ?" New topic
Author

Login/https over spring - REST ?

Mag Wells
Ranch Hand

Joined: Jun 02, 2010
Posts: 38
We are planning to put up a bunch of rest services. But the thing that we want to implement is -
1. Authenticate a user over a login screen.
2. Subsequently proceed with https connection.

The services are all REST based and we don't want to ask user to enter login-password for every request?

Basically, we are looking for a login/logoff functionality for an application running over REST and Spring framework.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

How are you implementing the REST client?
Mag Wells
Ranch Hand

Joined: Jun 02, 2010
Posts: 38
here is the flow -

html pg --> web server(tomcat) --->rest services ---> db

The rest services are bundled in web server.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

What's a "web pg"?

In any case, that doesn't actually help us much. If you're talking to REST services from within web pages, and you can only access those pages if you're logged in, you're already done. If the web services are available externally, then you'd just need to pass something around, like a session token, and keep it in the web session.
Mag Wells
Ranch Hand

Joined: Jun 02, 2010
Posts: 38
Ok. I think I need to give more information.

Thing is we have planned to develop REST services for various kind of information we have.
Now, we have to bring up a web interface as well for CRUD operations. The requirement is that only authenticated and authorized users should be able to perform such operations. So, how do we go about this ?

So now, to keep credentials in session, we'll have to develop a layer, possibly web layer over the existing REST services ? This layer would be consumer/client of REST services ? Is there any other way to do without session thing ? I mean directly calling REST Services say for example the web interface like javascript at the same time authenticating user ?

I don't want user to enter the credentials again and again .. i mean for every request.

-Mag
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Did you read my original reply?
Mag Wells
Ranch Hand

Joined: Jun 02, 2010
Posts: 38
David Newton wrote:What's a "web pg"?

you can only access those pages if you're logged in, you're already done. If the web services are available externally, then you'd just need to pass something around, like a session token, and keep it in the web session.


Yep, I read that. But thats the doubt. Basically, this is what I want to implement.

So say for example I have a login page. The user enters the credentials (username/passwd).
I authenticate/validate the user.
Now user has access to various webpages. say account.html
1. after authentication, everything should be over https protocol.
2. The javascripts in account.html (for example) generating the service requests should be over https protocol.
3. Further, when the request like GET /accounts is generated it should go over https and the receiving endpoint should authenticate the user/request.

are there any pointers/tutorials you know ... i am not sure about doing https over spring. just started with it. May be there are better ideas or frameworks to implement the same.
Mag Wells
Ranch Hand

Joined: Jun 02, 2010
Posts: 38
my problem is something similar to what is stated here -
http://forum.springsource.org/showthread.php?t=85179
 
 
subject: Login/https over spring - REST ?