shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Demers <brian.dem...@gmail.com>
Subject Re: AJAX
Date Tue, 02 Sep 2014 12:30:02 GMT
My point was more the fact that you could use basic auth, and drop a cookie for the following
requests. (Basically just replacing the form login)



-Brian

> On Sep 2, 2014, at 3:17 AM, Dominic Farr <dominicfarr@gmail.com> wrote:
> 
> Not sure that makes sense. Basic authentication uses HTTP Headers, not cookies. See Here
> 
> Yes, Shiro can handle security for ajax stacks like AngularJS, but it all depends on
your security requirements; Basic, Session based cookies, or Token based authentication (sometimes
called Bearer Token.)
> 
> OAuth did a nice break down for AngularJS and security, you can read that here
> 
> Best of luck.
> 
> Dom
> 
>> On 2 Sep 2014 03:26, "Brian Demers" <brian.demers@gmail.com> wrote:
>> You could use BASIC auth (and check for a cookie)
>> 
>> -Brian
>> 
>>> On Sep 1, 2014, at 11:03 AM, Anant Rao <rao_anant@yahoo.com> wrote:
>>> 
>>> Hi,
>>> 
>>> I am a backend developer. Using Shiro, I implemented a form-based authenticator
with SHA256 salted password hasher. All of this works great.
>>> Now, the front-end developer says he is using angularJS and he's unable to mix
form-based auth with the rest of his stuff and asked me to figure out if I can support AJAX
based thing for Auth also.
>>> 
>>> I'm not familiar with the front-end technologies. Could you help me understand
if Shiro supports such AJAX-based authentication.
>>> Thanks!
>>> Anant

Mime
View raw message