HIPPO CMS HST custom Rest API authentication

Question

I'd like to create a new application based on HIPPO CMS and expose my custom business REST API in HIPPO HST(Delivery) application. On the other hand, application implemented with AngularJS will consume these REST API.

Right now I don't understand which authentication mechanism(out of the box with HIPPO CMS) should be used in order to get secure access from AngularJS application to secured Rest endpoints in HST.

Could you please describe how it should work and what an approach in HIPPO CMS should be used for this purpose ?

Answer 1

We have documentation on that. Default it is protected with basic authentication against repository users. You can also define a custom CXF JAXRSInvoker.

From our docs: "By default the RepositoryJaxrsService will configure every REST endpoint to be basic authenticated against the Hippo Repository, using the provided username and password to (only) login to the repository. The authentication (and authorization, see further below) handling is configurable and overridable, per REST endpoint when using a CXFRepositoryJaxrsEndpoint builder. The authentication, and optional authorization, is handled by a custom CXF JAXRSInvoker providing pre/post processing of a request invocation. The default authentication is provided by the AuthenticatingRepositoryJaxrsInvoker, which enforces a repository login before proceding with the request handling. The CXFRepositoryJaxrsEndpoint builder allows configuring a custom JAXRSInvoker,"

I suggest you reference the documentation on the onehippo.org site. It has the latest information as well as historical references for previous versions.

http://www.onehippo.org/library/concepts/hippo-services/repository-jaxrs-service.html