I'm developing a Software as a Service offering that other developers can use to integrate into their own sites running on WordPress (and eventually other platforms). The backend will run on a set of REST web services using Grails.
I want to create a set of WordPress widgets that can automatically hook into my web services. The WordPress installation will manage all of the content, but the Grails backend will manage all of the application and domain logic, including user management.
I think I understand how I will get basic stateless calls from WordPress to Grails to work by passing back JSON or XML structures and then parsing and displaying those in PHP. But beyond that, I'd like to support stateful activity as well, like allowing users to fill out a login form on a WordPress site, yet authenticating them against the Grails backend. After the user is logged in, their credentials (or session) should continue to propagate for future web service calls.
I'm not quite sure how to get started since I'm relatively new to web services, and have never done web service or cross-site security. One idea that I had was to somehow expose a Java jsessionid to the client, but I'm not sure how exactly to do that.
Are there any patterns or preferred models for this type of setup? Has anybody done a similar type of integration that could give me some guidance?