Single sign-on tutorial

The aim of this tutorial is to show basics for simply delegating the start of any GWC application to another service in order to handle the authentication.

The objectives of this tutorial:

Prevent direct access to the application and force end user to enter a login and password via an XHTML page.
Add a cookie mechanism allowing the password to be kept by the browser, in order to allow upcoming connections without requiring another login.
Add a simple method for logging out.
Adapt this example to production sites requirements.

Diagram of the tutorial workflow, where (1) user enters a URL (2) service creates cookie (split decision) if valid, starts the application. If not valid or null, display a login page and submit username and password. Then if valid, start the application. If not valid, repeat login process.

Figure 1. Single sign-on tutorial workflow

This service should be adaptable for any application.

Important:

This tutorial will help you to understand how to handle authentication using a REST service. However the methods we will show you demonstrate basic mechanisms - simple authentication with user/password hard-coded in your code and addition of a cookie mechanism. On production sites, the security should be improved. You will need to handle the recommendations mentioned in the last step of this tutorial.