Web Service User Authentication and Session Management Best Practices

According to the headline, I wonder what the recommendations are for web service user authentication and session management, mainly for backend implementation, especially using Java (J2EE).

Has anyone posted anything on this subject? What security considerations should be considered when working with user authentication? What design patterns are related? How should sessions be managed? What does a well-designed architecture look like?

Are there existing systems that can be used as good examples or even bad examples?

+3
2 answers

Since the Java EE specifications for web services are essentially showing that you are showing a non-bean session as a web service, you cannot implement session management without a "home" solution, such as including a user token in each of your requests.

+3
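
The per-request user token mentioned in the answer above could look like the following. This is an added example, not part of the original answer; the class name `StatelessToken`, the `issue`/`verify` methods and the `user|expiry` payload layout are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;

// Hypothetical helper: HMAC-signed, expiring token checked on every stateless call.
public class StatelessToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final SecretKeySpec key;
    public StatelessToken(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }
    private byte[] mac(byte[] data) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(data);
    }

    // Issued once, after the login call has verified the user's credentials.
    public String issue(String user, long nowSec, long ttlSec) throws GeneralSecurityException {
        byte[] payload = (user + "|" + (nowSec + ttlSec)).getBytes(StandardCharsets.UTF_8);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(mac(payload));
    }

    // Called on every request: returns the user only for an authentic, unexpired token.
    public Optional<String> verify(String token, long nowSec) throws GeneralSecurityException {
        String[] parts = token == null ? new String[0] : token.split("\\.");
        if (parts.length != 2) return Optional.empty();
        try {
            byte[] payload = DEC.decode(parts[0]);
            // Constant-time signature check before any field of the payload is trusted.
            if (!MessageDigest.isEqual(mac(payload), DEC.decode(parts[1]))) return Optional.empty();
            String s = new String(payload, StandardCharsets.UTF_8);
            int sep = s.lastIndexOf('|');  // user names may themselves contain '|'
            long expiry = Long.parseLong(s.substring(sep + 1));
            return nowSec < expiry ? Optional.of(s.substring(0, sep)) : Optional.empty();
        } catch (IllegalArgumentException e) { return Optional.empty(); }  // bad base64 or number
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];  // constructed demo key
        new SecureRandom().nextBytes(secret);
        StatelessToken t = new StatelessToken(secret);
        String tok = t.issue("alice", 1000, 600);  // constructed sample user and times
        System.out.println(t.verify(tok, 1200) + " " + t.verify(tok, 1700) + " " + t.verify(tok + "A", 1200));
    }
}
```

The three calls in `main` exercise an unexpired token, the same token after its expiry, and a token with a modified signature. In a clustered deployment every node needs the same secret, and the token should only travel over TLS.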

Not specifically REST, but we use the same authentication mechanism for standard web services as for any other web container request. The tools send basic authentication data to the backend. For SSL. Never had a problem.

0