Reputation: 33297
Spring Security Authentication with REST API?
I have a Grails backend that provides a REST api. My mobile app accesses this REST Api to obtain data from the server. The authentication, login and logout should be done with Spring Security.
This works great for Desktop users because I serve the pages that I build on my server.
How do I have to use Spring Security for my REST Controller to get the authentication, login and logout working?
Upvotes: 2
Views: 3595
Answers (2)
Reputation: 135
Please see How does Spring Security sessions work? to make sense spring security sessions. Your mobile app doesn't provide cookies as browsers on desktop do for you. So you could consider including jsessionid in each mobile request after first login, this is to leverage full authorization and authentication support in spring security than basic auth could do.
Upvotes: 3
Reputation: 3799
If you're providing a REST API, there is likely no need to implement login and logout. In terms of authentication, generally the easiest thing to do is to use HTTP Basic. Spring Security supports Basic out of the box, so that shouldn't be a problem for you.
Here's a good read from Erwin Vervaet's blog about setting up Grails to use HTTP Basic authentication.
Upvotes: 4
Related Questions
- RESTful Authentication via Spring
- :REST spring security - Manually authenticating a new user and getting access token
- Secure Grails Rest Api with Spring Security Rest Plugin
- Authentication using Grails Spring Security REST Plugin
- Grails - spring security with basic auth only
- Securing REST API in Grails and Spring Security
- Adding REST authentication to Grails + SpringSecurity browser app
- Authentication in Spring MVC via REST
- Spring Security authenticating RESTful web service
- Spring Security based authentication for a REST service