0

I would like to authenticate with

http://myhost/login?user=...&password=...

and logout with

http://myhost/logout

I am using Gradle, Spring Boot and Java config, so no web.xml, no context configurations, no web forms and so on.

Can't escape from Google noise on multipage and multifile samples...

Dims
  • Do you want users to log in to your service? Then it would not be truly RESTful, as it will have to keep state of user authentication... – jny Dec 24 '15 at 14:30
  • Why? As far as I know, login data is usually kept in cookies etc., i.e. it is transferred each time in each request? – Dims Dec 24 '15 at 15:21

2 Answers

0

Have you considered using a servlet filter? Seems like what you want to do for passing the username and password as HTTP parameters. Otherwise, you might also consider HTTP BASIC authentication. It passes the username and password in the HTTP headers using base64 "encryption". Of course, complete website security is a different discussion.

See this example of using HTTP BASIC authentication.

Community
K.Nicholas
0

One approach is using tokens.

The login service would accept the credentials, generate a token (a UUID type 4 for example, see https://en.wikipedia.org/wiki/Universally_unique_identifier), store the token in a table and return it.

In every call, the client would have to send the token in the header or as another parameter, so a filter or something would check it to allow access.

On logout, the token would be deleted (you may want to have a process that deletes the tokens after a certain amount of time or something like that).

Esteban Herrera
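The token flow described in the answer above (issue on login, check on every call, delete on logout, expire after a while), as an added example that is not part of the original answers. The `TokenStore` class, its method names and the in-memory map standing in for the token table are assumptions made for illustration; it uses only the JDK (Java 16+ for `record`), and a servlet filter would call `validate` with the token taken from a request header.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory token table; a real service would use a database or shared cache.
public class TokenStore {
    private record Session(String user, Instant expiresAt) {}

    private final Map<String, Session> tokens = new ConcurrentHashMap<>();
    private final Duration ttl;

    public TokenStore(Duration ttl) { this.ttl = ttl; }

    // Login: call only after the submitted credentials have been verified.
    public String issue(String user) {
        String token = UUID.randomUUID().toString(); // type 4 UUID from a strong PRNG
        tokens.put(token, new Session(user, Instant.now().plus(ttl)));
        return token;
    }

    // Per-request check: returns the user, or empty for a missing, unknown or expired token.
    public Optional<String> validate(String token) {
        Session s = (token == null) ? null : tokens.get(token);
        if (s == null) return Optional.empty();
        if (Instant.now().isAfter(s.expiresAt())) {
            tokens.remove(token); // expired tokens are dropped on first use
            return Optional.empty();
        }
        return Optional.of(s.user());
    }

    // Logout: delete the token so later requests carrying it are rejected.
    public void revoke(String token) { if (token != null) tokens.remove(token); }

    // Periodic cleanup for tokens that were never presented again after expiring.
    public void purgeExpired() { tokens.values().removeIf(s -> Instant.now().isAfter(s.expiresAt())); }

    public static void main(String[] args) throws InterruptedException {
        TokenStore store = new TokenStore(Duration.ofMillis(200)); // short TTL for the demo
        String t = store.issue("alice");                            // constructed sample user
        System.out.println("valid after login:  " + store.validate(t).isPresent());
        store.revoke(t);
        System.out.println("valid after logout: " + store.validate(t).isPresent());
        String t2 = store.issue("bob");
        Thread.sleep(300);
        System.out.println("valid after expiry: " + store.validate(t2).isPresent());
    }
}
```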