I apologize if my questions are repeated, but I have not yet found the answer.
I am building a REST-based application using Spring 3.0 and plan to deploy it to the Google App Engine. My clients can now be Native Android, iPhone, or the web client.
My users must log in using the username and password stored on the server inside the save layer. Now say that my Android client opens the application and login screen, this is the user. The user now enters the username and password.
I know that this will be a message and say that my service endpoint is registration. So it will be something like
POST / Registration
Now I plan to specify the username and password in the body of the message in Json or XML format. My question is: "Is this the right way to do this?" I plan to do this SSL, but how should I really send this sensitive information similar to this in the body. I plan to return the OAUth token on successful authentication and use it to validate the user in all future service calls.
Thanks in advance.
source
share