
Best practice for user authentication

james frain
Ranch Hand

Joined: Apr 06, 2011
Posts: 36
About to implement a solution which allows a user to log in/register from a JSP page OR from an Android client. We will be using REST exclusively.
What I plan on doing is as follows.
The user registers, causing a user token (name/pwd) to be POSTed to my REST service. This will be persisted and an Auth token created for this user, and the username, pwd and Auth token will all be persisted.
The Auth token is then returned to the user and sent back with any further REST calls.
The token will expire after say 2 weeks.
On further logins a user/pwd will be sent to the REST service and checked against the persisted version.
Is this a good way to go about authentication? Are there any frameworks that handle this sort of functionality, as it is common to almost all client-server apps?
Thanks ..
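The register, token and login flow described in the post above, as an added example (not the poster's code). It assumes the password is persisted as a salted PBKDF2 hash and the token as a SHA-256 digest rather than as raw values; the class name, method names, in-memory maps and iteration count are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class TokenAuthService { // hypothetical; the maps stand in for the persistence layer
    private record Credential(byte[] salt, byte[] hash) {}
    private record Session(String user, Instant expires) {}
    private static final Duration TOKEN_TTL = Duration.ofDays(14); // "say 2 weeks"
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Credential> users = new ConcurrentHashMap<>();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>(); // keyed by SHA-256(token)
    // Registration: persist a salted password hash (assumption), then issue the first token.
    public String register(String user, char[] pwd) throws GeneralSecurityException {
        byte[] salt = random(16);
        if (users.putIfAbsent(user, new Credential(salt, pbkdf2(pwd, salt))) != null)
            throw new IllegalStateException("user exists");
        return issueToken(user);
    }
    // Later logins: re-derive the hash and compare in constant time.
    public String login(String user, char[] pwd) throws GeneralSecurityException {
        Credential c = users.get(user);
        if (c == null || !MessageDigest.isEqual(c.hash(), pbkdf2(pwd, c.salt())))
            throw new SecurityException("bad credentials");
        return issueToken(user);
    }
    // Every further REST call: resolve the token to a user; null if unknown or expired.
    public String authenticate(String token) throws GeneralSecurityException {
        Session s = sessions.get(digest(token));
        return (s == null || Instant.now().isAfter(s.expires())) ? null : s.user();
    }
    private String issueToken(String user) throws GeneralSecurityException {
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(random(32));
        sessions.put(digest(token), new Session(user, Instant.now().plus(TOKEN_TTL)));
        return token; // the client keeps the token; the server keeps only its digest
    }
    private byte[] random(int n) { byte[] b = new byte[n]; rng.nextBytes(b); return b; }
    private static byte[] pbkdf2(char[] pwd, byte[] salt) throws GeneralSecurityException {
        var spec = new PBEKeySpec(pwd, salt, 210_000, 256); // iteration count is an assumption
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    private static String digest(String token) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }
}
```

The sketch requires Java 16 or later for records and presumes the REST calls travel over TLS, since both the credentials and the token are bearer secrets on the wire.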
 
 