Posted to dev@isis.apache.org by Deepak Gopalakrishnan <dg...@gmail.com> on 2017/01/19 05:06:41 UTC

Authentication on Decoupled REST API consumer app

Hello All,

I'm trying to authenticate a decoupled frontend application that talks to
an Apache Isis backend. Mostly I'm consuming the APIs and then rendering
the frontend appropriately. The challenge that I ran into is regarding
authentication/authorization. I'm using Shiro JDBC authentication and it
works on the Wicket viewer. I understand that there is no support for auth
on RESTful APIs. From the documentation of how
AuthenticationSessionStrategyBasicAuth works, I feel that I should be able
to make a REST call to a custom servlet (that I will add) which will
return a cookie that the decoupled app can send on every request. I can
then add a filter class that will validate the cookie.

My question is, how do I check for authentication on the above-mentioned
servlet (which class can I use to validate credentials)?

Will mean a lot to get this answered, thanks in advance.


-- 
Regards,
*Deepak Gopalakrishnan*