Authorization should support the following scenario:
User provides username to /auth/connect end-point and receives authentication token from application
All following actions are performed with provided authentication token
If action is performed without token then authorization error should be thrown
User perform /auth/disconnect operation
If some other user tries to perform /auth/connect operation or some other then he should receive authorization error with message that first user is already use application and it's locked.
Authentication tokens should have timeout to avoid situations when some user has forgot to disconnect and application stays locked forever.
Try to use Spring Security to implement requirements above.
Authorization should support the following scenario:
Try to use Spring Security to implement requirements above.