I would like to authenticate with
http://myhost/login?user=...&password=...
and logout with
http://myhost/logout
I am using Gradle, Spring Boot and Java config, so no web.xml, no context configurations, no web forms and so on.
Can't escape from Google noise on multipage and multifile samples...
Have you considered using a servlet filter? Seems like what you want to do for passing the username and password as HTTP parameters. Otherwise, you might also consider HTTP BASIC authentication. It passes the username and password in the HTTP headers using Base64 "encryption". Of course, complete website security is a different discussion.
See this example of using HTTP BASIC authentication.
One approach is using tokens.
The login service would accept the credentials, generate a token (a UUID type 4 for example, see https://en.wikipedia.org/wiki/Universally_unique_identifier), store the token in a table and return it.
In every call, the client would have to send the token in the header or as another parameter, so a filter or something would check it to allow access.
On logout, the token would be deleted (you may want to have a process that deletes the tokens after a certain amount of time or something like that).
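A sketch of the token table described in this answer, added here as an example and not code from the answer's author. It assumes Java 17; the class name `TokenStore`, the in-memory map standing in for the table, and the choice to store only a SHA-256 hash of each token are all assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory stand-in for the token table; a real service would use a database.
public class TokenStore {
    private record Session(String user, Instant expiresAt) {}
    private final Map<String, Session> table = new ConcurrentHashMap<>();
    private final Duration ttl;

    public TokenStore(Duration ttl) { this.ttl = ttl; }

    // Login: call only after the credentials have been verified.
    public String issue(String user) {
        String token = UUID.randomUUID().toString(); // version 4, from a cryptographically strong RNG
        table.put(key(token), new Session(user, Instant.now().plus(ttl)));
        return token;
    }

    // Every request: the filter passes in the token it received; empty means reject.
    public Optional<String> validate(String token) {
        if (token == null) return Optional.empty();
        Session s = table.get(key(token));
        if (s == null || Instant.now().isAfter(s.expiresAt())) {
            table.remove(key(token)); // drop an expired row as soon as it is seen
            return Optional.empty();
        }
        return Optional.of(s.user());
    }

    // Logout: delete the token so it can no longer be presented.
    public void revoke(String token) { if (token != null) table.remove(key(token)); }

    // Timed cleanup of tokens that were never logged out; run from a scheduler.
    public void purgeExpired() {
        Instant now = Instant.now();
        table.values().removeIf(s -> now.isAfter(s.expiresAt()));
    }

    // Only a hash of the token is kept, so a leaked table does not expose usable tokens.
    private static String key(String token) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}
```

A servlet filter would call `validate` with the token taken from the request and respond with 401 when the result is empty; the login and logout handlers would call `issue` and `revoke`.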