REST basically just means HTTP, so the answer is to use HTTP auth, most likely BASIC auth. This can be done two ways:
1) If your apps are fronted by Apache (which they probably are), then you can use Apache's built-in authorization functionality, the simplest form of which is just to declare users in flat text files. There are probably many other ways to store the user info.
2) You can do the auth inside your app. Globally in Application.dispatchRequest or more granularly in your route class (which is just a DirectAction subclass) in DirectAction.performAction. You just have to read the Authorization header and parse it, then check for the user and password in your database or whatever. I don't believe there is an implementation in Wonder, but if not there should be.
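The header parsing and credential check described in option 2, as an added Java example that is not part of the original post or of Project Wonder. The class name, the in-memory user store and the sample credentials are constructed for illustration, and the header string is assumed to be the value of the request's Authorization header.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper. Basic credentials are only base64-encoded, so this belongs behind TLS.
public class BasicAuthCheck {
    // Constructed sample store: user -> PBKDF2 hash. A real app would query its database.
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    static final Map<String, byte[]> USERS = Map.of("alice", hash("s3cret:with:colons", SALT));

    static byte[] hash(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns {user, password}, or null when the header is absent or malformed. */
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':'); // only the first colon separates user from password
            if (colon < 1 || colon == decoded.length() - 1) return null; // empty user or password
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    /** True only for a known user with the right password; any other outcome means "send 401". */
    static boolean authenticate(String header) {
        String[] cred = parse(header);
        if (cred == null) return false;
        byte[] expected = USERS.get(cred[0]);
        byte[] actual = hash(cred[1], SALT); // hash even for unknown users to keep timing similar
        return expected != null && MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        String good = Base64.getEncoder().encodeToString("alice:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        for (String h : new String[] { "Basic " + good, "basic " + good, "Basic !!!", "Bearer abc", null })
            System.out.println(h + " -> " + authenticate(h));
    }
}
```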
Hi list,
We do something similar in our apps using ERRest: insert a class between your entity controller classes and ERXDefaultRouteController (or similar), extend that class from the Controllers you care about, override performActionNamed() and authenticate either the WOSession or another method of authentication (HMAC account and signatures for example). I insert the authentication credentials/session info into the rest context userInfo, so I can do further EO based checks against a rest verb action (DELETE, PUT, etc) in the controller of the EO.
Also, the rest context userInfo helps you in your ERXAbstractRestDelegate subclasses. You can retrieve the, for example, external ERP system credentials from the rest context to facilitate your:
createObjectOfEntityWithID
and
objectOfEntityWithID
and
primaryKeyForObject
methods. Helps when you are creating or fetching EOs and need to build-a-relationship or check or filter against an Organisation or Company object, for example.
Lastly, that default controller subclass comes in handy if you want to finesse any OPTIONS calls, or modify any header values in egress or ingress, and similar common operations.
Regards,
Matt