[
https://issues.apache.org/jira/browse/RAVE-1112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jmeas Pls resolved RAVE-1112.
-----------------------------
Resolution: Fixed
Done.
> Make a decision regarding authentication.
> -----------------------------------------
>
> Key: RAVE-1112
> URL: https://issues.apache.org/jira/browse/RAVE-1112
> Project: Rave
> Issue Type: Sub-task
> Reporter: Jmeas Pls
>
> Logging in currently works through Spring Security. This is fine, but it
> requires full page refreshes when the login completes. It should be possible
> for us to implement this in a way that makes sense with an Angular SPA.
> A common implementation pattern is:
> 1. Angular webapp loads. Checks for cookie to see if user is authorized or
> not. If no, show login. If yes, verify with server and then show home page.
> 2. If no, filling out the form passes your credentials to the API.
> 3. API verifies login. Returns token if valid.
> 4. Angular app stores token in cookie.
> 5. Angular app loads home page.
> If such a handshake is possible through Spring Security then we ought to do
> it. Otherwise we can leave the login the way it is.
> @carldanley is on this.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
