2
votes

I am currently trying to use a REST interface to create a login authentication service in the Google App Engine. After a bit of searching around, I decided I would use Restlets, and have managed to deploy a static string to the GAE, but as I am quite a novice when it comes to Java programming, I'm struggling to make a login page.

Could any of you guys provide some sample code to inform me how I would go about doing this? I'm really not sure where to start.

Using Java 7, Eclipse 4.2, Restlets GAE 2.3, GAE Java SDK 1.9.8


1 Answer

0
votes

It's very difficult to answer your question precisely. Are you coding to discover the technologies? What level of security are you expecting? Could you give a little more detail about the kind of technologies you are using for the front-end application (GWT, JavaScript, which framework)? Do you have your own list of users/credentials? Have you tested social login (cf. oneall.com, etc.)? You may also read some resources about cookie authentication (e.g. http://www.google.com/support/enterprise/static/gsa/docs/admin/70/gsa_doc_set/secure_search/secure_search_cookieauthscenarios.html, etc.).

Cookie-based authentication may be a good start for you; I will give only a very general view:

  • have a single resource (not authenticated) that checks credentials (login/password, for example, stored on the server side) and generates a new token inside a cookie
  • this resource sends back a cookie that the browser stores and adds at each new request
  • all other resources are behind an Authenticator that checks the cookie and determines which is the current user, its role, etc

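You can use the Authenticator class, the Verifier class and its subclasses. Here is how to read/write cookies:

// imports needed by both snippets
import org.restlet.data.Cookie;
import org.restlet.data.CookieSetting;
import org.restlet.util.Series;

// read a cookie (getFirst returns null when the cookie is absent)
Series<Cookie> cookies = request.getCookies();
Cookie cookie = cookies.getFirst("token_cookie");


// set a cookie (arguments: version, name, value; max age is in seconds)
CookieSetting cookieSetting = new CookieSetting(0, "token_cookie", token);
cookieSetting.setMaxAge(duration);
response.getCookieSettings().clear();
response.getCookieSettings().add(cookieSetting);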

Try to search for "restful authentication" if you want to complete your point of view about this topic. Feel free to ask for more details.
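
The three steps listed in the answer, sketched as an added example (not code from the answer or from the Restlet project): the login resource calls `issue()` after checking the password and stores the result in `token_cookie`, and every other resource sits behind this Authenticator. The class name, the HMAC-signed `user|expiry|mac` token layout and the way the key is supplied are assumptions; user names are assumed not to contain characters that are invalid in cookie values.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.security.Authenticator;
import org.restlet.security.User;

public class TokenCookieAuthenticator extends Authenticator {
    private final byte[] key; // server-side secret (assumption: loaded from configuration)
    public TokenCookieAuthenticator(Context context, byte[] key) {
        super(context);
        this.key = key.clone();
    }
    /** Called by the login resource once the login/password has been checked. */
    public String issue(String user, long ttlMillis) {
        String payload = user + "|" + (System.currentTimeMillis() + ttlMillis);
        return payload + "|" + sign(payload);
    }
    /** Returns the user name if the token is authentic and unexpired, else null. */
    public String verify(String token) {
        int macAt = token == null ? -1 : token.lastIndexOf('|');
        int expAt = macAt < 0 ? -1 : token.lastIndexOf('|', macAt - 1);
        if (expAt < 0) return null; // missing or malformed token
        String payload = token.substring(0, macAt);
        byte[] expected = sign(payload).getBytes(StandardCharsets.US_ASCII);
        byte[] presented = token.substring(macAt + 1).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, presented)) return null; // forged or altered
        long expiry = Long.parseLong(payload.substring(expAt + 1)); // trusted: MAC verified
        return System.currentTimeMillis() < expiry ? payload.substring(0, expAt) : null;
    }
    private String sign(String payload) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            StringBuilder hex = new StringBuilder();
            for (byte b : mac.doFinal(payload.getBytes(StandardCharsets.UTF_8))) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    @Override
    protected boolean authenticate(Request request, Response response) {
        String user = verify(request.getCookies().getFirstValue("token_cookie"));
        if (user != null) request.getClientInfo().setUser(new User(user));
        return user != null; // false makes the Authenticator reject the request
    }
}
```

When the login resource writes the cookie, `CookieSetting.setSecure(true)` and `CookieSetting.setAccessRestricted(true)` keep the token off plain HTTP and out of reach of page scripts.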