I am currently developing a lightweight web application using JAX-RS on the server side (deployed in the Tomcat 7 container) and HTML5, CSS3 and jQuery in the interface.
The connection is working fine. I do not know how to protect the application. My idea is that the user can register through the interface and is assigned a default role (for example, "users").
From this moment, the user can log in to the website and, for example, register for a course or something like that.
How can this be done in a safe way? Is it better to use Tomcat's authentication (DIGEST or FORM)? Or is there another way, for example passing the user and password as an MD5 hash in each request?
It would be great if I could use the @RolesAllowed annotation in the resource class to annotate methods that should only be available to specific groups.
And how can I store user data on the client, so that the user does not have to log in again after each request? Should I use cookies for this?
One more thing: I'm not sure how to store the shopping cart data. Would it be good to use a DB table on the server where I store the contents of the basket for a specific user? How do I identify a user? What would the mapping between the registered user and the basket entry in the table look like?
I hope someone can help me :-).
Thank you in advance
greets
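The following is an added example, not code from the question or from any answer, of how the pieces asked about fit together: a JAX-RS 2.0 filter that enforces `@RolesAllowed` against the principal and roles the container established (Tomcat FORM or DIGEST login configured in web.xml; the login then lives in the JSESSIONID session cookie, so the browser never stores the password), a resource that identifies the user by that principal rather than by anything the client sends, and salted PBKDF2 password storage in place of an MD5 hash. It assumes JAX-RS 2.0 (e.g. Jersey 2 on Tomcat 7) plus `javax.annotation.security`; the class names, the `users` role and the iteration count are the example's own choices, and each public class would go in its own file.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

/** Password storage for the registration step: salted, iterated PBKDF2, never a bare MD5. */
public final class Passwords {
    private static final int SALT_BYTES = 16;
    private static final int ITERATIONS = 20000;   // example value; tune so one check takes ~100 ms on your server
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns salt||hash to store in the user table; the password itself is never stored. */
    public static byte[] hash(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        byte[] dk = derive(password, salt);
        byte[] out = Arrays.copyOf(salt, salt.length + dk.length);
        System.arraycopy(dk, 0, out, salt.length, dk.length);
        return out;
    }

    /** Re-derives with the stored salt and compares in constant time. */
    public static boolean verify(char[] password, byte[] stored) throws Exception {
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_BYTES);
        byte[] expected = Arrays.copyOfRange(stored, SALT_BYTES, stored.length);
        return MessageDigest.isEqual(expected, derive(password, salt));
    }

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }
}

/** Enforces @DenyAll / @RolesAllowed / @PermitAll using the roles the container authenticated. */
@Provider
@Priority(Priorities.AUTHORIZATION)
public class RolesAllowedFilter implements ContainerRequestFilter {
    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext ctx) {
        java.lang.reflect.Method m = resourceInfo.getResourceMethod();
        if (m.isAnnotationPresent(DenyAll.class)) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            return;
        }
        if (m.isAnnotationPresent(PermitAll.class)) {
            return;                                  // explicitly open
        }
        // A method-level @RolesAllowed overrides a class-level one.
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null) ra = resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class);
        if (ra == null) return;                      // no restriction declared on this resource

        SecurityContext sc = ctx.getSecurityContext();
        if (sc.getUserPrincipal() == null) {         // not logged in: ask for authentication
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        for (String role : ra.value()) {
            if (sc.isUserInRole(role)) return;       // role granted by the container realm
        }
        ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}

/** The "register for a course" resource; the user is identified only by the authenticated principal. */
@Path("/courses")
public class CourseResource {
    @GET
    @Path("/mine")
    @RolesAllowed("users")
    public String myCourses(@Context SecurityContext sc) {
        // Use this name as the key into the per-user cart/enrolment table, never a user id sent by the client.
        String user = sc.getUserPrincipal().getName();
        return "courses for " + user;
    }
}
```

With container-managed FORM login, Tomcat performs the password check against its realm (a JDBCRealm or DataSourceRealm over the same user table can use the stored hash), populates `SecurityContext` for every request in that session, and the filter above turns `@RolesAllowed` into a 401 or 403 before the resource method runs. The shopping-cart table then needs only a column holding the principal name; rows are read and written exclusively under the name taken from `SecurityContext`, so one user cannot address another user's basket.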