Child pages
  • HTTP login service backend-requests API

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Motivation

The http-util HttpLoginService interface provides a means for registering various login mechanism to be uset by teh gwt-sec library and other using OSGi/GWT.

...

In order to allow for secure distributed authentication services with user-supplied backends, another HttpLoginService (gwt-http-login-service) will be implemented, which authenticates a user using a simple HTTPS request.

Authentication request

A request to an authentication URL is a HTTPS POST request

...

The user and password fields *must* not be tranferred as GET variables and the use of plain HTTP is strongly discouraged, an authentication service should always use HTTPS.

Authentication Response

An authentication must respond to an authentication request with an HTTP response with

...