[
https://issues.apache.org/jira/browse/RAVE-1112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jmeas Pls updated RAVE-1112:
----------------------------
Description:
Logging in currently works through Spring Security. This is fine, but it
requires full page refreshes when the login completes. It should be possible
for us to implement this in a way that makes sense with an Angular SPA.
A common implementation pattern is:
1. Angular webapp loads. Checks for cookie to see if user is authorized or not.
If no, show login. If yes, verify with server and then show home page.
2. If no, filling out the form passes your credentials to the API.
3. API verifies login. Returns token if valid.
4. Angular app stores token in cookie.
5. Angular app loads home page.
If such a handshake is possible through Spring Security then we ought to do it.
Otherwise we can leave the login the way it is.
@carldanley is on this.
was:
Loggin in currently works through Spring Security. This is fine, but it
requires full page refreshes when the login completes. It should be possible
for us to implement this in a way that makes sense with an Angular SPA.
A common implementation pattern is:
1. Angular webapp loads. Checks for cookie to see if user is authorized or not.
If no, show login. If yes, verify with server and then show home page.
2. If no, filling out the form passes your credentials to the API.
3. API verifies login. Returns token if valid.
4. Angular app stores token in cookie.
5. Angular app loads home page.
If such a handshake is possible through Spring Security then we ought to do it.
Otherwise we can leave the login the way it is.
@carldanley is on this.
> Make a decision regarding authentication.
> -----------------------------------------
>
> Key: RAVE-1112
> URL: https://issues.apache.org/jira/browse/RAVE-1112
> Project: Rave
> Issue Type: Sub-task
> Reporter: Jmeas Pls
>
> Logging in currently works through Spring Security. This is fine, but it
> requires full page refreshes when the login completes. It should be possible
> for us to implement this in a way that makes sense with an Angular SPA.
> A common implementation pattern is:
> 1. Angular webapp loads. Checks for cookie to see if user is authorized or
> not. If no, show login. If yes, verify with server and then show home page.
> 2. If no, filling out the form passes your credentials to the API.
> 3. API verifies login. Returns token if valid.
> 4. Angular app stores token in cookie.
> 5. Angular app loads home page.
> If such a handshake is possible through Spring Security then we ought to do
> it. Otherwise we can leave the login the way it is.
> @carldanley is on this.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
