Implment RESTful webservice with Jersey and spring security

These days, I am impl开发者_如何转开发ementing RESTful webservice with Jersey. For security, we are considering to use spring security.

During integrate jersey & spring security , we found some issues.

1. Redirected to 8080 port ( which is used by servlet container ). We use proxy module in apache to only support 80, 443. When request is redirected to login page, request url is changed to use 8080 port which is used by servlet container ( tomcat ). How can I prevent to redirected to 8080? And if we want to just show message(error message ) what is good option ?

2. What is good way to keep the session ? I found issues on using client tool which didn't support cookie. ( I found that Jersey client isn't support cookie, so session isn't keep using it.) What is good way to keep session ?

1. I am having a similar port number/protocol issue with a reverse-proxy. I haven't figured out how to solve my problem yet (may be asking another question here on SO), but you may want to look at the "port-mapping" setting of spring-security's configuration: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-requires-channel

   I'm not sure if this will do exactly what you're looking for, but worth checking out.

2. I'd recommend that you keep your RESTful webservice stateless. Don't maintain any session on the server. For authentication, you can authenticate each request individually using something like OAuth.