Grails(17)Secure the REST API with Session Stick
My colleague think of way of authority of REST API of our grails application. The way is wise and easy, the only disadvantage is that this strategy is session based, our stateless REST API should not binding to sessions in the future. But for now, this is a nice solution.
I used POSTMAN plugin in Chrome to carry the functions testing.
What we have in grails for authority is spring security which I used for quite a long time.
POST URL: http://sillycat.console.com:8080/j_spring_security
Method: POST
Form Data: j_username = username
j_password = password
First time I only put that in the form-data, it does not work, then I put them in x-www-form-urlencoded, it works.
According to my colleagues, curl also works, but I did get a chance to have a try.
curl --data "j_username=username&j_password=password" http://localhost:8088/j_spring_security_check
References:
https://bowerstudios.com/node/913
My colleague think of way of authority of REST API of our grails application. The way is wise and easy, the only disadvantage is that this strategy is session based, our stateless REST API should not binding to sessions in the future. But for now, this is a nice solution.
I used POSTMAN plugin in Chrome to carry the functions testing.
What we have in grails for authority is spring security which I used for quite a long time.
POST URL: http://sillycat.console.com:8080/j_spring_security
Method: POST
Form Data: j_username = username
j_password = password
First time I only put that in the form-data, it does not work, then I put them in x-www-form-urlencoded, it works.
According to my colleagues, curl also works, but I did get a chance to have a try.
curl --data "j_username=username&j_password=password" http://localhost:8088/j_spring_security_check
References:
https://bowerstudios.com/node/913
扫一扫
534
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
