This recipe presents a solution for storing credentials in RESTful applications.
The solution is a compromise between temporary client-side storage and permanent server-side storage.
On the client side, we use HTML5 session storage to temporarily store usernames and passwords encoded in base64. On the server side, only password hashes are stored. Those hashes are created with passwordEncoder. This passwordEncoder is registered in Spring Security, autowired, and used in the UserDetailsService implementation.
We have made use of the HTML5 sessionStorage attribute. The main change has been the creation of an httpAuth factory. Presented in the http_authorized.js file, this factory is a wrapper around $http that transparently takes care of client-side storage and authentication headers. The code for this factory is as follows:

cloudStreetMarketApp.factory("httpAuth", function ($http) { return...
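The client-side flow described above, as an added framework-free sketch that is not the recipe's own http_authorized.js code: it assumes HTTP Basic authentication, and the names createHttpAuth, memoryStorage, STORAGE_KEY and the injected send function are hypothetical. It also shows that the stored base64 value decodes back to the password without any key, so anything able to read session storage for the origin can recover it.

```javascript
// Added example: all names below are hypothetical, not taken from http_authorized.js.
const STORAGE_KEY = "authToken"; // assumed storage key

// Constructed stand-in for window.sessionStorage so the sketch runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}

// Base64 over the UTF-8 bytes of "username:password" (HTTP Basic is assumed).
function encodeCredentials(username, password) {
  if (username.includes(":")) throw new Error("username must not contain ':'");
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  return btoa(String.fromCharCode(...bytes));
}

// The inverse needs no key: whatever can read the stored value can read the password.
function decodeCredentials(token) {
  const bytes = Uint8Array.from(atob(token), (c) => c.charCodeAt(0));
  const text = new TextDecoder().decode(bytes);
  const split = text.indexOf(":");
  return { username: text.slice(0, split), password: text.slice(split + 1) };
}

// `send` is any function taking a request config and returning a response or a promise of one.
function createHttpAuth(storage, send) {
  const api = {
    login: (u, p) => storage.setItem(STORAGE_KEY, encodeCredentials(u, p)),
    logout: () => storage.removeItem(STORAGE_KEY),
    // Copy the config and attach the header only when credentials are stored.
    authorize(config) {
      const token = storage.getItem(STORAGE_KEY);
      const headers = { ...(config.headers || {}) };
      if (token !== null) headers.Authorization = `Basic ${token}`;
      return { ...config, headers };
    },
    // Drop credentials the server rejected so they are not replayed.
    handleResponse(response) {
      if (response.status === 401) api.logout();
      return response;
    },
    request: (config) =>
      Promise.resolve(send(api.authorize(config))).then(api.handleResponse),
  };
  return api;
}
```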