JSF - JAX-RS client and session management
My task is to split an existing JSF application into a JAX-RS web service and a JSF web client. The split should be done at the business layer. Both client and server should run on different JBoss AS 7.1 instances. Right now, both sides are using container-managed authentication. The JSF client grants access to the URI path /customers/* to users with role cust and to /admin/* to users with role admin. Of course the web service also protects its resources (roles: cust & admin). Authentication for the web-service part is clear to me. My question is how to provide proper authentication for the JSF client. For me there are 3 possibilities:
- Both sides manage their own authentication (difficult to synchronize). Is there a way to synchronize authenticated users between 2 JBoss application servers?
- Both sides manage their own authentication credentials, and the JSF client sends `UsernamePasswordCredentials` with each request to the web service.
- Container-managed authentication is done at the web-service side. The JSF client tries to request information and, in case of a response like "peer not authenticated", the JSF client forces the user to enter credentials and performs the request again with `UsernamePasswordCredentials`.
I have no idea which (or whether) one of the 3 approaches is feasible. I have searched the web for a best-practice approach, unfortunately without success.
Is there a known best-practice approach to this problem, or can anyone give me a hint on how to solve this issue?
Ad 1. Yes, you can use CAS, OpenID or OAuth authorization.
Ad 2. That's a common approach in the "true REST" applications world: each call is stateless, and every time the user credentials need to be passed and checked.
Ad 3. If the JSF application contains data that can be accessible without authentication (JSFs are plain templates), that's a reasonable solution.
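Options 2 and 3 from the question, as an added example that is not part of the original post or answer: a client call that sends HTTP Basic credentials with every request and turns a 401 into a signal for the JSF layer to re-prompt the user. It assumes JDK 8 or later; the class and method names are hypothetical, and the embedded `HttpServer` with the user "alice" is a constructed stand-in for the protected JAX-RS service.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example; class and method names are hypothetical, user "alice" is constructed sample data.
public class StatelessRestClientDemo {
    /** Signals the JSF layer to send the user back to its login form. */
    static class CredentialsRejected extends Exception {}

    static String basic(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Every call carries the credentials; use https:// in deployment, Basic is only base64. */
    static int get(String url, String user, String password) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
        c.setRequestProperty("Authorization", basic(user, password));
        int status = c.getResponseCode();
        if (status == 401) throw new CredentialsRejected(); // unknown user or bad password
        return status; // 403 here means authenticated but lacking the required role
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the protected web service: alice holds role cust, not admin.
        String expected = basic("alice", "s3cret");
        HttpServer svc = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        svc.createContext("/", ex -> {
            String auth = ex.getRequestHeaders().getFirst("Authorization");
            boolean admin = ex.getRequestURI().getPath().startsWith("/admin/");
            int status = !expected.equals(auth) ? 401 : admin ? 403 : 200;
            ex.sendResponseHeaders(status, -1);
            ex.close();
        });
        svc.start();
        String base = "http://127.0.0.1:" + svc.getAddress().getPort();
        System.out.println("cust resource:  " + get(base + "/customers/1", "alice", "s3cret"));
        System.out.println("admin resource: " + get(base + "/admin/users", "alice", "s3cret"));
        try {
            get(base + "/customers/1", "alice", "wrong");
        } catch (CredentialsRejected e) {
            System.out.println("credentials rejected: re-prompt the user");
        }
        svc.stop(0);
    }
}
```

The service stays the single place where roles are enforced: the client only distinguishes 401 (re-authenticate) from 403 (authenticated, wrong role), and the password is held server-side by the JSF application rather than exposed to the browser.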