views:

21

answers:

1

I'm trying to find the standard way to handle user authentication in a RESTful webservice using spring.

i want to allow a LOGGED IN user to access only specific information that applies to him.

i found 2 ways of doing that:

  1. using HandlerInterceptorAdapter i can take the HttpServletResponse and from it i can take the session. in the session i can save the user and that way i can know if he's logged in and if i can deliver him the data he's requesting.
  2. i can create tables in my database that'll contain tokens. when a user logs in he'll receive a token. he'll have to provide that token every time he asks for any information.

what is the standard way of doing that ?

thanks !

A: 

You should look at Spring Security

Raghuram