rave-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jmeas Pls (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RAVE-1112) Make a decision regarding authentication.
Date Mon, 21 Jul 2014 19:14:38 GMT
Jmeas Pls created RAVE-1112:
-------------------------------

             Summary: Make a decision regarding authentication.
                 Key: RAVE-1112
                 URL: https://issues.apache.org/jira/browse/RAVE-1112
             Project: Rave
          Issue Type: Task
            Reporter: Jmeas Pls


Loggin in currently works through Spring Security. This is fine, but it requires full page
refreshes when the login completes. It should be possible for us to implement this in a way
that makes sense with an Angular SPA.

A common implementation pattern is:

1. Angular webapp loads. Checks for cookie to see if user is authorized or not. If no, show
login. If yes, verify with server and then show home page.
2. If no, filling out the form passes your credentials to the API.
3. API verifies login. Returns token if valid.
4. Angular app stores token in cookie.
5. Angular app loads home page.

If such a handshake is possible through Spring Security then we ought to do it. Otherwise
we can leave the login the way it is.

@carldanley is on this.




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message