1. Authenticate a user over a login screen.
2. Subsequently proceed with https connection.
The services are all REST based and we don't want to ask user to enter login-password for every request?
Basically, we are looking for a login/logoff functionality for an application running over REST and Spring framework.
In any case, that doesn't actually help us much. If you're talking to REST services from within web pages, and you can only access those pages if you're logged in, you're already done. If the web services are available externally, then you'd just need to pass something around, like a session token, and keep it in the web session.
Thing is we have planned to develop REST services for various kind of information we have.
Now, we have to bring up a web interface as well for CRUD operations. The requirement is that only authenticated and authorized users should be able to perform such operations. So, how do we go about this ?
I don't want user to enter the credentials again and again .. i mean for every request.
David Newton wrote:What's a "web pg"?
you can only access those pages if you're logged in, you're already done. If the web services are available externally, then you'd just need to pass something around, like a session token, and keep it in the web session.
Yep, I read that. But thats the doubt. Basically, this is what I want to implement.
So say for example I have a login page. The user enters the credentials (username/passwd).
I authenticate/validate the user.
Now user has access to various webpages. say account.html
1. after authentication, everything should be over https protocol.
3. Further, when the request like GET /accounts is generated it should go over https and the receiving endpoint should authenticate the user/request.
are there any pointers/tutorials you know ... i am not sure about doing https over spring. just started with it. May be there are better ideas or frameworks to implement the same.