I am wondering what is the best approach to implement Spring Security to secure a REST api that will be accessed by two types of clients, Angularjs and Android.
I have read many sources online in search of the perfect answer but I have not found what I am looking for (as of yet).
Ideally, the two clients will go through the exact same authentication process so that the one set of code is easily maintainable (Hence, the reason I am developing in Angularjs - so that both clients can share the same code base). I assume that I will be lead down the oauth2 route and have the token being passed with every api call once authentication has occurred but as I said, this is an assumption. I seen JSESSION mentioned here and there but nothing too detailed that I could grasp the concept 100%.
I am not looking for the easy way out as I have spent a lot of the day researching this. I am a student so I am do not have the most in depth knowledge but if I can could get pointed in the right direction that I would highly appreciate it.
Some of the sources include - although there were a LOT more: http://ift.tt/16sJS21 http://ift.tt/1wyRBSb
What is the ideal implementation to authenticate these different REST clients?
Here: https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v
RépondreSupprimeris a Spring blog that takes you step by step of how you can achieve your goal. I hope it helps. The link is on part 5 therefore, look for a link to part 1 in there and go through it to understand what's going on. You can also watch this video to get more understanding of the security part: http://www.youtube.com/watch?v=MLfL1NpwUC4
Be patient to watch the whole video, it will help.