 

Best practices for Web service user authentication and session management

As per the title, I am wondering what are some best practices for Web service user authentication and session management, mainly for backend implementation, especially using Java (J2EE).

Has anyone published anything on the subject? What kind of security considerations should one keep in mind when working with user authentication? What kind of design patterns are related? How should sessions be managed? What does a well-designed architecture look like?

Are there existing systems that could be used as good examples, or even bad examples?

Shaggy Frog asked Dec 05 '25 02:12



1 Answer

As the Java EE specifications for web services actually consist of exposing a stateless session bean as a web service, you won't be able to implement session management without a "home-made" solution such as including a user token in each of your requests.

kyiu answered Dec 06 '25 15:12

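One way to build the per-request user token the answer mentions, as an added example that is not part of the original answer: the service signs the user name and an expiry time with HMAC-SHA256 at login and re-checks the signature and expiry on every call, so the bean itself stays stateless. The class name `UserTokens`, the `user.expiry.mac` layout and the choice of HMAC-SHA256 are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Hypothetical helper: issues and verifies self-contained, expiring user tokens. */
public class UserTokens {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final SecretKeySpec key;

    public UserTokens(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] mac(String payload) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    /** Called once, after the user's credentials have been checked. */
    public String issue(String user, long ttlSeconds, long nowEpoch) throws GeneralSecurityException {
        String payload = ENC.encodeToString(user.getBytes(StandardCharsets.UTF_8)) + "." + (nowEpoch + ttlSeconds);
        return payload + "." + ENC.encodeToString(mac(payload));
    }

    /** Called on every request: the user name, or null if the token is malformed, forged or expired. */
    public String verify(String token, long nowEpoch) throws GeneralSecurityException {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3) return null;
        try {
            // Check the signature first, in constant time, before trusting any field.
            if (!MessageDigest.isEqual(mac(p[0] + "." + p[1]), DEC.decode(p[2]))) return null;
            if (Long.parseLong(p[1]) <= nowEpoch) return null; // expired
            return new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // bad Base64 or non-numeric expiry
            return null;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);            // server-side key, never sent to clients
        UserTokens tokens = new UserTokens(secret);
        long now = 1_700_000_000L;                       // constructed timestamp for the demo
        String tok = tokens.issue("alice", 900, now);
        String forged = ENC.encodeToString("admin".getBytes(StandardCharsets.UTF_8)) + tok.substring(tok.indexOf('.'));
        System.out.println("valid:   " + tokens.verify(tok, now + 60));
        System.out.println("expired: " + tokens.verify(tok, now + 901));
        System.out.println("forged:  " + tokens.verify(forged, now + 60));
    }
}
```

The token is a bearer credential, so it should only travel over TLS; revoking one before it expires requires server-side state such as a deny list.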


