Reputation: 937
User authentication in java web services
Im developing a java web application which is deployed on a glassfish server. The web services are used to connect to user databases. Each user has a database. My question is, is there a way to keep track of the user? For example in servlets we use sessions in order to store some user specific data. Is there something similar to it in web services? It seems impractical to have to authenticate the username and password each time the user sends a request to a web service. Thanks.
Upvotes: 1
Views: 63
Answers (1)
Reputation: 6726
Web services may also use sessions, however there are good reasons to keep them stateless:
- it might be that the clients do not support sessions (cookies), e.g. if your clients are not browser based;
- stateless services are easier to scale.
You do not have to use username+password for authentication. You may use JWT (or other kind of access tokens) to protect them.
Auth0 has got nice article on this topic: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
Upvotes: 1
Related Questions
- Java Web Service client basic authentication
- User authentication in SOAP Webservices
- How to authenticate a Web Service Client with JAX-WS / SOAP
- Authentication with Java EE
- User authentication for web services in Java
- Secured authentication in web service
- Java Web Authentication and Authorization
- How to implement login in Java EE?
- Web Service authentication in Java EE
- authentication valid user