Hello All, I'm trying to authenticate a decoupled frontend application that talks to an Apache Isis backend. Mostly I'm consuming the API's and then rendering the frontend appropriately. The challenge that I ran into is regarding authentication/authorization. I'm using Shiro JDBC authentication and it works on the wicket viewer. I understand that there is no support for auth on restful api's. From the documentation of how AuthenticationSessionStrategyBasicAuth works, I feel that I should be able to make a REST call to a custom servlet ( that I will add) which will return a cookie that the decoupled app can send on every request. I can then add a filter class that will validate the cookie.
My question is, how do I check for authentication on the above mentioned servlet ( which class can I use to validate credentials) ? Will mean a lot to get this answered, thanks in advance. -- Regards, *Deepak Gopalakrishnan*
