C
carl.williams
Guest
I have managed to get REST authentication via OERealm to work using the existing _user table and a class that does user & password authentication. The user & password are in the header and are base64 encoded. A client principle is then created and use by an appserver activation procedure. I can also just read the header and authenticate each request without OERealm at the point when my method is run on the appserver and use setuserid. What is the benefit in this case of using OERealm spring security? As far as I can see it makes 3 appserver requests - user validation, password validation, run my method compared with 1 appserver request if authenticate is part of running the method. If the user was not in_user then the client principal would be need as setuserid could not be used. Thanks.
Continue reading...
Continue reading...