Grails(17)Secure the REST API with Session Stick

Grails(17)Secure the REST API with Session Stick
My colleague think of way of authority of REST API of our grails application. The way is wise and easy, the only disadvantage is that this strategy is session based, our stateless REST API should not binding to sessions in the future. But for now, this is a nice solution.

I used POSTMAN plugin in Chrome to carry the functions testing.

What we have in grails for authority is spring security which I used for quite a long time.

POST URL: http://sillycat.console.com:8080/j_spring_security
Method: POST
Form Data:   j_username = username
                   j_password = password

First time I only put that in the form-data, it does not work, then I put them in x-www-form-urlencoded, it works.

According to my colleagues, curl also works, but I did get a chance to have a try.
curl --data "j_username=username&j_password=password" http://localhost:8088/j_spring_security_check

References:
https://bowerstudios.com/node/913



你可能感兴趣的:(session)