I am a Spring/JavaEE web programmer and am starting to investigate the principles of REST for future web applications, but I can't figure out how to do usable logins. For a Web API it makes sense, but what about end-user-facing web applications? I have looked into HTTP Basic/Digest Authentication, but that only produces an ugly dialog box. Does anyone have any ideas?
+2
A:
That really depends on how you approach form-based login.
The way it's defined in the J2EE spec, the login page is only shown to the (yet authenticated) user when s/he tries to access a protected resource; it's not (or should not be) accessible by itself. In that scenario the login page does not have to be governed by REST principles as it's not a "resource" by itself. In other words, the workflow is:
- User tries to GET REST url, '/products/0332425'
- S/he is redirected to '/login', POSTs his credentials, is redirected back (as GET) to the original page ('/products/0332425')
- Subsequent attempts to get to '/login' result in error (403?) or redirect to "root".
If that does not work for you and you need to have your login form available on multiple pages, treat it as part of the page and its submission as you would any other POST.
ChssPly76
2009-09-24 20:57:18
That isn't really RESTful. RESTful would be HTTP authentication where you send user name and password (or a hash) with each request.
deamon
2010-01-22 14:48:45