M
Michael Jacobs
Guest
Hi Paul, Most of what I've seen so far is that the UI web application is open, with no security configured. In a general sense, the user authentication applies to the data source (i.e. the REST resources) that has restricted access. I've not seen a lot of uses where you log into the UI and then SSO into the data source. The WebUI generally contains its own login page that POSTs to the REST data service's Spring Security resource (j_spring_security_check), as illustrated in the REST service's login.html page. The returned JSESSIONID cookie will be passed to the REST service on each subsequent http request. The REST service's login.html is there for debug unit testing and as an example of what the actual UI would call, not what the WebUI would call. I think calling the REST service's login.html from the WebUI is the LONG way around and would make it more work to maintain. For what it's worth: I personally, unless there is some architectural requirement, I like to deploy the UI and REST services in the same web application. Fewer issues with version compatibility, deployments, configuration, and server resource consumption. Hope that is of help, Mike J.
Continue reading...
Continue reading...