Jmeas Pls created RAVE-1112:
-------------------------------
Summary: Make a decision regarding authentication.
Key: RAVE-1112
URL: https://issues.apache.org/jira/browse/RAVE-1112
Project: Rave
Issue Type: Task
Reporter: Jmeas Pls
Loggin in currently works through Spring Security. This is fine, but it
requires full page refreshes when the login completes. It should be possible
for us to implement this in a way that makes sense with an Angular SPA.
A common implementation pattern is:
1. Angular webapp loads. Checks for cookie to see if user is authorized or not.
If no, show login. If yes, verify with server and then show home page.
2. If no, filling out the form passes your credentials to the API.
3. API verifies login. Returns token if valid.
4. Angular app stores token in cookie.
5. Angular app loads home page.
If such a handshake is possible through Spring Security then we ought to do it.
Otherwise we can leave the login the way it is.
@carldanley is on this.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
