Question

I'm building a decision support tool in GRAILS for the room scheduling at my high school. I'm using Spring Security and I want to secure the REST API. I've found very little information on the proper way to do this. However, I've been looking at the Spring Security REST plugin.

The documentation is not very clear to me, does anyone have a working example/tutorial using this plugin?

Suggestions on how to implement this would be great.


Solution

I am just reading the sequence diagram out loud for you. I am working on a sample app using this plugin (with AngularJS on the client side) and will be releasing it soon (probably tonight).

Here are the steps:

  • Client requests a REST resource using any HTTP method.
  • Server responds to the client's request with a 401 (unauthorized).
  • Client (on receiving a 401) redirects the user to a login page to provide username and password. (Remember the Spring Security Core plugin.)
  • User provides username and password. (This means the client should issue a POST request hitting /api/login, provided by the Spring Security REST plugin, with a request body/request param containing the user details.)
  • Server, on receiving the user info, does 4 tasks:
    • Validate the user.
    • Generate a token (provided by the Spring Security REST plugin by default).
    • Store the token (either in memcache or in GORM-specified domain classes).
    • Return the token to the callee (client).
  • On receiving the generated token from the server, the client stores it in any local storage and uses it for further API calls for that particular user.
  • Every time an API is hit for any resource, the token is passed in the header as X-Auth-Token (default) instead of passing Basic Auth every time.

Therefore, you end up with token-based validation for the REST endpoints. Go through the plugin's FAQ for more answers.

The author will be releasing the latest version of the plugin (1.3.0) very soon, and you will find some updates in the documentation.

I have just touched the basic functionality of this plugin right now, but it has the flexibility to handle more than just generating a token, for example delegating auth to OAuth providers. I will update the link to the aforementioned sample app in this answer as soon as I push it to GitHub.

UPDATE:
Sample App

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow