Apache Shiro store token in session

Ask Time:2015-04-07T23:20:16         Author:Sachin

I have a Grails application that interfaces with a RESTful service for authentication and data retrieval. I need to implement user authentication using Shiro for the user to enter an id/password, which is then passed on to the authentication endpoint of the RESTful service, which after successful validation will respond with a token. This token needs to be stored somewhere securely (Shiro session?) to be used later for subsequent calls to other endpoints of the RESTful service. Also, how would it work with session replication in an HA setup?

I am trying to find a secure approach to store the token, which should be available until the user is logged in but should be destroyed on logout.

Just to add - this application will be secured via SSL.

Author: Sachin, reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/29495163/apache-shiro-store-token-in-session