Here is how simple REST authentication would work:
- client connects to REST login endpoint and sends name\password;
- server sends 200 OK and some token;
- client keeps the token;
- client adds the token to every next request to the REST APIs.
However, If you implement the REST API service with Spring, you must not use http.formLogin() from Spring Security as it uses form based login (you will 302 redirects etc). Seems there is no straightforward and simplified way of implementing REST API authentication with Spring Security.
There are many good will advices but what's needed is a working standalone example as in the Spring Getting Started with Spring Boot that one can download, build and run.
https://spring.io/guides/gs/securing-web/is using UI. We need an example for a REST only microservice, without any UI.
Can anyone please share a link to a ZIP containing such standalone Spring project, using Spring Boot, Spring Security and demonstrated REST endpoint authentication? (the sender will immediately become a hero :-)