I have read many discussions about authentication, authorization etc. with REST services. I now have an idea of how to do authentication/authorization with REST.
But the thing I did not get is how to control access to a web page with a REST service. Is it a good practice? If so, how?
Example:
root of REST services: localhost/services
root of web pages: localhost/pages
Now, the scenario is:
1. Client tries to go to the page localhost/pages/join.html but it does not have the right to access it.
2. Thus, the server should check whether the client has the right to access the page and, since it does not, should redirect the client somewhere.
My question is not how the server would check or determine whether the client has the right or not.
Rather, I want to know when and how I could make this check and redirection with a REST service.
For example, the first idea that comes to my mind is, in the body of join.html, with <body onload>, to run a JavaScript that checks the access right of the client by sending a JSON message to a REST service, let's say to localhost/services/access.
Then the service will return its answer; if it is OK, the page will be loaded, and if not, it will be redirected with window.location.href. Is this the way to decide the right of access to a web page with a REST service? Is there another common solution / practice?
Please note again that I am not asking how to secure my REST API etc., but:
How do I check access rights to my web pages with a REST service?
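
The onload check described in the question, written out as an added example (not part of the original post). The POST method, the `{"allowed": true}` response shape, the redirect target `/pages/login.html` and the names `decideRedirect` and `checkAccess` are assumptions made for illustration; only the `/services/access` path comes from the question.

```javascript
// Added example. Assumed contract (not from the post): POST /services/access
// with {"page": "..."} answers 200 and {"allowed": true} or {"allowed": false}.
const ACCESS_URL = "/services/access";   // service path taken from the question
const DENIED_URL = "/pages/login.html";  // hypothetical redirect target

// Pure decision step: returns null to stay on the page, or the URL to go to.
// Only an explicit 200 with allowed === true passes; everything else is a denial.
function decideRedirect(status, body) {
  const ok = status === 200 && body !== null &&
             typeof body === "object" && body.allowed === true;
  return ok ? null : DENIED_URL;
}

// Ask the service about one page. fetchImpl is injected so the function
// can be exercised offline with a stub instead of the browser's fetch.
async function checkAccess(page, fetchImpl) {
  try {
    const res = await fetchImpl(ACCESS_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      credentials: "same-origin",          // send the session cookie, if any
      body: JSON.stringify({ page }),
    });
    const body = await res.json().catch(() => null); // unparsable body -> deny
    return decideRedirect(res.status, body);
  } catch (err) {
    return DENIED_URL;                     // network failure -> deny
  }
}

// Browser wiring, equivalent to <body onload>. Skipped outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("load", async () => {
    const target = await checkAccess(window.location.pathname,
                                     window.fetch.bind(window));
    if (target !== null) window.location.href = target;
  });
}
```

The load event fires only after the browser has already received join.html, so this check steers navigation but does not keep the page's markup from a client that requests it.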