I've forgot... 2 additional question: 1. If I need index() action for API I define function index() in Orders Controller. But then it works for normal request from browser / app/orders/index. Ok, there is no view for this action, but is this ok? 2. Maybe I should define additional global routing prefix in config for REST API? It'll be easier to dermine API request.
On 9 Lip, 12:15, red <[email protected]> wrote: > Hi, > I wan't to secure my REST API with basic access authentication. My app > also contains normal open-public views and admin panel (also secured > with SecurityComponent and basic authentication). > > I've put this peace of code to the controller: > > public function beforeFilter() { > parent::beforeFilter(); > > if (!isset($this->params['admin']) && $this->RequestHandler->isXml()) { > > $this->Security->loginOptions = array('type' => 'basic'); > $this->Security->loginUsers = array('foo' => 'bar'); > $this->Security->requireLogin(); > $this->Security->validatePost = false; > } > > } > > And that works - it checks if there is no admin and is XML request. > > But is this protection good enough? Is there any other way to > recognize that request is from REST API user? > > Regards, > Marcin Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
