I think this goes hand in hand with form-based authentication. Typical scenario:
* user hits a protected resource (http)
* browser is redirected to a logon form (http)
* user enters credentials and submits the form to a logon restlet living in the https scheme (https)
* on successful authentication, the logon restlet sets a session cookie and redirects to the original URL (http)
The problem here is to preserve the cookie between http and https, even if the domain is the same. Non-standard ports (not 80/443) present additional obstacles.
Apache Shiro (formerly JSecurity) does 98% of the required work, but it needs some tweaking to use it successfully with the Restlet framework, in the area of Restlet vs. servlet APIs.
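The http/https round trip described in the post, as an added example (this is not code from the post, nor from Restlet or Shiro): a small Python script that replays the flow through the standard library's http.cookiejar, which applies the same host/path/Secure scoping rules a browser does, to show which variants of the session cookie actually come back on the redirect to http. The host names, ports, cookie name and paths are constructed for the example.

```python
"""Replay the logon-over-https / redirect-to-http flow through Python's
http.cookiejar to see when the session cookie survives the round trip.
All URLs and cookie values below are constructed for the example."""
import http.cookiejar
import urllib.request
from email.message import Message


class _Response:
    """Minimal stand-in for an HTTP response: CookieJar only needs .info(),
    which must return an object with get_all() for the Set-Cookie headers."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for header in set_cookie_headers:
            self._headers["Set-Cookie"] = header

    def info(self):
        return self._headers


def cookie_header_for(set_url, set_cookie, request_url):
    """Store `set_cookie` as if it arrived in the response to `set_url`, then
    return the Cookie header a client would attach to `request_url`
    (None when the jar decides the cookie must not be sent)."""
    jar = http.cookiejar.CookieJar()  # default policy: host + path + Secure scoping
    logon_request = urllib.request.Request(set_url)
    jar.extract_cookies(_Response([set_cookie]), logon_request)
    follow_up = urllib.request.Request(request_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


# Constructed scenario: logon restlet on https:8443, protected resource on http:8080,
# same host name, non-standard ports on both sides.
LOGON_URL = "https://www.example.com:8443/logon"
PROTECTED_URL = "http://www.example.com:8080/protected/report"


def scenario():
    """Return {case: Cookie header or None} for the variants of the flow."""
    return {
        # Cookie issued over TLS and flagged Secure: the client must not send it
        # over plain http, so the redirect target sees no session at all.
        "secure_flag": cookie_header_for(
            LOGON_URL, "JSESSIONID=abc123; Path=/; Secure", PROTECTED_URL),
        # Without Secure the cookie does come back, and the port difference is
        # irrelevant: cookie scope is host and path, never port.
        "no_secure_flag": cookie_header_for(
            LOGON_URL, "JSESSIONID=abc123; Path=/", PROTECTED_URL),
        # A Path narrower than the protected URL also loses the session.
        "wrong_path": cookie_header_for(
            LOGON_URL, "JSESSIONID=abc123; Path=/logon", PROTECTED_URL),
        # Logon on a different host name: a host-only cookie is not sent to www...
        "other_host": cookie_header_for(
            "https://login.example.com:8443/logon",
            "JSESSIONID=abc123; Path=/", PROTECTED_URL),
        # ...unless an explicit Domain attribute covers both hosts.
        "other_host_with_domain": cookie_header_for(
            "https://login.example.com:8443/logon",
            "JSESSIONID=abc123; Path=/; Domain=example.com", PROTECTED_URL),
    }


if __name__ == "__main__":
    for case, header in scenario().items():
        print(f"{case:24s} -> {header!r}")
```

Two results matter here. A cookie flagged Secure by the https logon step never reaches the http redirect target, which is the lost-session symptom; dropping the flag makes the round trip work on any port (RFC 6265 cookies are scoped by host and path, not port), but then the session identifier travels in cleartext on every http request, which is precisely what the Secure attribute exists to prevent. Serving the protected resources over https as well removes the problem instead of working around it.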