I'm wondering what is the best approach to implementing Spring Security to protect REST api, to which two types of clients will be available, Angularjs and Android.
I read many sources on the Internet looking for the perfect answer, but I did not find what I was looking for (so far).
Ideally, two clients will go through the same authentication process so that one set of code is easily supported (therefore, the reason I am developing in Angularjs so that both clients can use the same code base). I assume that I will go along the oauth2 route and pass in a token with every api call after authentication is done, but, as I said, this is an assumption.
I also came across the JSESSION mentioned here and there, but nothing too detailed that I could understand the concept 100%.
I am not looking for an easy way out, as I spent many days exploring this. I am a student, so I do not have the most profound knowledge, but if I could, I could point in the right direction that I am very grateful to him.
Some of the sources include - although there were many more:
https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v
http: / /automateddeveloper.blogspot.co.uk/2014/03/securing-your-mobile-api-spring-security.html
https://github.com/spring-projects/spring-android-samples/tree/master/spring- android-basic-auth
What is the ideal implementation for authenticating these different REST clients?