I am a Spring/JavaEE web programmer and am starting to investigate the principles of REST for future web applications, but I can't figure out how to do usable logins. For a Web API it makes sense, but what about end user facing web applications? I have looked into the HTTP Basic/Digest Authentication but that only produces an ugly dialog box. Anyone have any ideas?
That really depends on how you approach form-based login.
The way it's defined in the J2EE spec, the login page is only shown to the (yet authenticated) user when s/he tries to access a protected resource; it's not (or should not be) accessible by itself. In that scenario the login page does not have to be governed by REST principles as it's not a "resource" by itself. In other words, the workflow is:
If that does not work for you and you need to have your login form available on multiple pages, treat it as part of the page and its submission as you would any other POST.