Scenario:
- Multiple REST backends, e.g. developed using Jersey, deployed separately in Jetty containers.
- A single, separately deployed AngularJS web app consuming each of the REST backends.
Now I want to add authentication and authorization so that a user can log in using an HTML form.
Now, the one thing I am sure of is that I do not need OAuth, because no third party needs access to the REST backends, only the AngularJS app.
I have looked at Apache Shiro, Spring Security, and other frameworks, but I don't understand how to consolidate the frontend and backends in terms of authentication and authorization.
Does any of you guys have an example of how to do this without cluttering the code with security-specific aspects?
Possible/plausible solution?
If I implement and deploy a separate, thin REST service for authentication and authorization, with a POST endpoint https://.../authenticate that returns either an error message or a JSON response with details about the user, along with a unique session token, I can include the token and other necessary headers within each subsequent request/response. Each REST backend can filter each request and check whether, given the header information (using the session token, role, etc.), it is authenticated and authorized.
Are there any drawbacks/flaws with this solution?
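The token scheme proposed in the question above, as an added example that is not part of the original post: the authentication service issues a signed token after login, and each backend's request filter verifies it without calling back to that service. It is shown in JavaScript (Node.js); the HMAC-signed token format, the shared secret, the `Authorization: Bearer` header and the names `issueToken` and `checkRequest` are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: one secret shared by the auth service and every backend,
// loaded from configuration in practice. Constructed value for this demo.
const SECRET = Buffer.from('constructed-demo-secret-do-not-reuse');

const b64u = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest();

// Auth service side: called only after the login form's credentials were verified.
function issueToken(user, roles, ttlSeconds, now = Date.now()) {
  const payload = b64u(JSON.stringify({ sub: user, roles, exp: now + ttlSeconds * 1000 }));
  return payload + '.' + b64u(sign(payload));
}

// Backend side: runs in a request filter before any resource method.
// Returns status 200, 401 (not authenticated) or 403 (authenticated, role missing).
// Assumption: header names arrive lower-cased, as Node's HTTP server delivers them.
function checkRequest(headers, requiredRole, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/.exec(headers['authorization'] || '');
  if (!m) return { status: 401 };
  const expected = sign(m[1]);
  const given = Buffer.from(m[2], 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401 };
  }
  // The payload is parsed only after its signature has been verified.
  const claims = JSON.parse(Buffer.from(m[1], 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { status: 401 };
  if (!Array.isArray(claims.roles) || !claims.roles.includes(requiredRole)) {
    return { status: 403, user: claims.sub };
  }
  return { status: 200, user: claims.sub };
}
```

A token of this kind stays valid until its expiry, so logout or revocation before then requires the backends to consult a shared store or the lifetime to be kept short.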
If you need authentication and authorization and not OAuth, go with "basic authentication" in Angular.
An example of the implementation is shown in the link below: http://jasonwatmore.com/post/2014/05/26/angularjs-basic-http-authentication-example.aspx