users@glassfish.java.net

Authentication best practices using SAM and browser cookies

From: <glassfish_at_javadesktop.org>
Date: Tue, 08 Sep 2009 05:49:09 PDT

Hello,

I am seeking some advice on what the best course of action is regarding the following.

I have developed a Firefox extension which communicates with a GlassFish server using the REST protocol. I am now trying to develop an authentication mechanism for this service, so that users of the extension can log into the server.

It seems to me that the most obvious solution would be to use cookies which the extension can send along with the REST requests and which can be handled by a SAM module at GlassFish. However, I am not sure how that can tie into GlassFish.

I also assume that I can write the SAM module in such a way as to extract the cookie value and verify it in order to maintain the user's session. The login itself will be handled by a JSP page.

1. Does this overall security solution sound feasible (and secure)?
2. Is there some other best practice that I may be completely missing?

Thanks in advance,

Gio
[Message sent by forum member 'gioranus' (gioranus_at_gmail.com)]

http://forums.java.net/jive/thread.jspa?messageID=363228
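
The approach asked about above, as an added example that is not part of the original post or of GlassFish: a JSR 196 ServerAuthModule that reads a cookie, verifies it, and hands the caller name to the container. The cookie name `EXTAUTH`, the value format `user:expiry:mac`, the `hmac.key` module option, and the class name are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.*;
public class CookieSam implements ServerAuthModule {
    private CallbackHandler handler;
    private byte[] key; // assumption: HMAC key supplied as the hypothetical module option "hmac.key"
    public void initialize(MessagePolicy req, MessagePolicy resp, CallbackHandler h, Map options) {
        handler = h;
        key = ((String) options.get("hmac.key")).getBytes(StandardCharsets.UTF_8);
    }
    public Class[] getSupportedMessageTypes() { return new Class[] { HttpServletRequest.class, HttpServletResponse.class }; }
    public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
        String user = verify(((HttpServletRequest) mi.getRequestMessage()).getCookies());
        // The container sets this key to "true" only for resources covered by an auth constraint.
        boolean mandatory = Boolean.parseBoolean(
                String.valueOf(mi.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory")));
        if (user == null && mandatory) {
            ((HttpServletResponse) mi.getResponseMessage()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_FAILURE;
        }
        // A null name establishes the unauthenticated caller, so the unprotected login page stays reachable.
        try { handler.handle(new Callback[] { new CallerPrincipalCallback(client, user) }); }
        catch (Exception e) { throw new AuthException(e.getMessage()); }
        return AuthStatus.SUCCESS;
    }
    // Constructed format: user:expiryEpochSeconds:base64url(HMAC-SHA256(key, "user:expiry")); user has no ':'.
    String verify(Cookie[] cookies) {
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (!"EXTAUTH".equals(c.getName())) continue;
            try {
                String[] p = c.getValue().split(":");
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(key, "HmacSHA256"));
                byte[] want = mac.doFinal((p[0] + ":" + p[1]).getBytes(StandardCharsets.UTF_8));
                boolean fresh = Long.parseLong(p[1]) > System.currentTimeMillis() / 1000;
                // Constant-time comparison of the expected and presented MAC.
                if (p.length == 3 && fresh && MessageDigest.isEqual(want, Base64.getUrlDecoder().decode(p[2])))
                    return p[0];
            } catch (Exception e) { /* malformed cookie: treat as absent */ }
        }
        return null;
    }
    public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }
    public void cleanSubject(MessageInfo mi, Subject subject) { }
}
```

The sketch assumes the login JSP issues the cookie with the same key and format, over HTTPS with the Secure flag set. It uses the `javax` package names of the JSR 196 API.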