* Ivan Wills <[email protected]> [090521 09:23]:
Hi Everybody,
I already did some googling, but did not find a satisfying answer yet.
What is state-of-the-art approach to control access to REST resources.
For the regular (browser based) web interface, I use Catalyst's
Authentication, Authorization::Roles and Authorization::ACL, which is
session and thus cookie based; thus does not fit REST.
So I looked into providing user information in the URL, such as
http://user:p...@host/webdisk/data/path/to/file
(for which I found Apache Rewrite rules to pass this information down to
Catalyst via FastCGI), however, I am not so convinced of this approach.
Would it still be considered RESTful, if I issue an auth token, e.g.
via
http://user:p...@host/webdisk/login/username/password (retuning token)
and then use nouns such as
http://user:p...@host/webdisk/TOKEN/data/path/to/file
Does Catalyst provide any plugins for this? Could not find anything on
CPAN.
Thanks for your input
Christian
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
