Question

I am building two separate projects: REST services using Spring 4.0 and a dynamic website using ZK and Spring.

I want to secure both the REST services and the website, so a user needs to be authorized before browsing the website or requesting the REST services.

I am wondering if we can have one place for authorization. Is this possible, and how can the identity of the user be shared between both sites?

I am thinking of Shiro?

Any ideas?

BR Shahbour


Solution

Check out Spring Security, it integrates really easily with Spring (as the name would suggest). As far as how to keep user signed in across both apps, there are a few options. The simplest would probably be to have a central database where user information is stored that both apps can access. Add Spring Security to both apps. Web app would require user to authenticate and then any time it calls the REST service it provides current user's username/password. REST service would accept username/password and authenticate the user again. This approach would also work if you ever wanted to use your REST services directly without your Web UI.
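A sketch of the REST side of the setup described in the answer above, added here as an example and not code from the original post. It assumes Spring Security 3.2 to 5.x Java configuration, HTTP Basic as the way the username/password are sent, the default Spring Security JDBC schema (`users` and `authorities` tables) in the central database, and BCrypt-hashed passwords; the class name `RestSecurityConfig` and the `DataSource` bean are hypothetical.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: a DataSource bean pointing at the central user database
    // that the web application also authenticates against.
    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Same user store as the web app; passwords are compared against
        // BCrypt hashes, never stored or compared in clear text.
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Basic credentials are only base64-encoded, so require HTTPS.
            .requiresChannel().anyRequest().requiresSecure()
            .and()
            // Every REST call must carry valid credentials.
            .authorizeRequests().anyRequest().authenticated()
            .and()
            .httpBasic()
            .and()
            // No server-side session: each request is authenticated again.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // No session cookie is issued, so CSRF tokens are not used here.
            .csrf().disable();
    }
}
```

The web application would use the same `jdbcAuthentication()` block against the same database, with form login and sessions in place of the stateless HTTP Basic settings.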

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow