authentication - Java Jax-RS (Jersey) Backend & jQuery Frontend -> Security + Session -

authentication - Java Jax-RS (Jersey) Backend & jQuery Frontend -> Security + Session -

i developing lightweight web application using jax-rs on server side (deployed on tomcat 7 container) , html5, css3 , jquery in frontend.

the connection works fine. don't know how secure application. thought user may register through frontend , assigned default role (e.g. users).

from on, user may login website , able e.g. register course of study or that.

how can accomplish on secure way? best utilize tomcats authentication (digest or form)? or there way? e.g. transmitting user & password md5 hash in every request?

it great if utilize @rolesallowed annotation in ressource class annotate methods should accessible specific groups.

and how can store user-data on client? user doesnt needs sign in after every request? have utilize cookies that?

another thing i'm not sure how store info shopping cart. thought utilize db table on server store shopping cart contents specific user? how have identify user there? how mapping between logged-in user , shopping-cart entry in table like?

i hope can help me :-).

thanks in advance

greets

i utilize form authentication suggest yourself. generate context security constraints using role annotations.

to store user info basket, save in session object, , serialize disk or database on expiry farther persistency.

jquery authentication tomcat jersey jax-rs