• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: REST authentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: REST authentication

  • Subject: Re: REST authentication
  • From: Matt Ness <email@hidden>
  • Date: Mon, 06 Oct 2014 11:26:57 +1100

On 06/10/2014, at 8:45 AM, John Huss <email@hidden> wrote:

REST basically just means HTTP, so the answer is to use HTTP auth, most likely BASIC auth.  This can be done two ways:

1) If your apps are fronted by Apache (which they probably are), then you can use Apache's bult-in authorization functionality, the simplist form of which is just to declare users in flat text files.  There are probably many other ways to store the user info.

2) You can do the auth inside your app.  Globally in Application.dispatchRequest or more granularly in your route class (which is just a DirectAction subclass) in DirectAction.performAction.  You just have to read the Authorization header and parse it, then check for the user and password in your database or whatever.  I don't believe there is an implementation in Wonder, but if not there should be.


Hi list,

We do something similar in our apps using ERRest : insert a class between your entity controller classes and ERXDefaultRouteController (or similar), extend that class from the Controllers you care about, override performActionNamed() and authenticate either the WOSession or another method of authentication (HMAC account and signatures for example). I insert the authentication credentials/session info into the rest context userInfo, so I can do further EO based checks against a rest verb action (DELETE, PUT, etc) in the controller of the EO.

Also, the rest context userInfo helps you in your ERXAbstractRestDelegate sub classes. You can retrieve the, for example, external ERP system credentials from the rest context to facilitate your:

createObjectOfEntityWithID

and

objectOfEntityWithID

and

primaryKeyForObject

methods. Helps when you are creating or fetching EOs and need to build-a-relationship or check or filter against a Organisation or Company object, for example.

Lastly, that default controller subclass comes in handy if you want to finesse any OPTIONS calls, or modifying any header values in egress or ingress, and similar common operations.

Regards,

Matt
--
http://logicsquad.net




On Sat, Oct 4, 2014 at 9:01 AM, Gabor Raz <email@hidden> wrote:
 Hi Guys,

I normally make my own projects with Node.js. Most of them with the MEAN.IO framework. But I also came in touch with WebObjects / Project WOnder during my training. 

Now I would like to convert a node application into a wonder application. And here I have a question. How do I create a authentication via REST and make my routes only available for authenticated users? 

Thanks in advance 
Gabor Raz

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
References: 
 >REST authentication (From: Gabor Raz <email@hidden>)
 >Re: REST authentication (From: John Huss <email@hidden>)

  • Prev by Date: Re: REST authentication
  • Next by Date: Re: REST authentication
  • Previous by thread: Re: REST authentication
  • Next by thread: Re: REST authentication
  • Index(es):
    • Date
    • Thread