Hi Barry,
I have recently noticed that it would be a nice extension to ACEGI to
support REST in this fashion. I personally think that URL pattern-based
RBAC ACL would work really nicely with ACEGI and REST.
ACEGI doesn't provide the ability to specify ACL based on the type of
HTTP operation involved.
This means that ACEGI doesn't naturally support REST out of the box,
if you care about modification versus view semantics (which you do).
The syntax ACEGI uses to specify the RBAC ACL patterns would need to be
overhauled a bit to support this in an ergonomic fashion.
It seems like this would be a very nice and very reusable little project
though :-)
Cheers,
Donal
-----Original Message-----
From: Barry Fitzgerald [mailto:[EMAIL PROTECTED]
Sent: 19 February 2008 10:24
To: [email protected]
Subject: Restful Declarative security?
Hi all,
Just a general question - I'm using the JAX-RS implementation in CXF 2.1
for writing services and I have a requirement to secure certain aspects
of the service.
For example - I want everyone to be able to read a user but only certain
people to update a user. In a Restful these two calls would both be
passed to the same URL (update a POST, read a GET).
Almost all security solutions I know simply protect URLs and can't
protect a URL for POSTs but not for GETs.
Has anyone else come across this problem? Any solutions/workarounds?
Obviously I could protect the calls programmatically but this seems a
step backwards.
Thanks,
Barry
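
The declarative rule set this thread asks for, as an added example that is not part of the original messages and is not Acegi or CXF code: each rule pairs a set of HTTP methods with a URL pattern and a required role, the first matching rule decides, and a request that matches no rule is denied. The class name, the glob syntax and the role name `ROLE_USER_ADMIN` are assumptions made for illustration; it needs Java 16 or later for `record`.

```java
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added illustration (hypothetical class, not Acegi or CXF API): first-match-wins
// access rules keyed on HTTP method AND URL pattern, with default deny.
public class MethodAwareAcl {
    // role == null means "no role required"; empty methods set means "any method".
    record Rule(Set<String> methods, Pattern path, String role) {}

    private final List<Rule> rules = new ArrayList<>();

    // methods: comma-separated verbs or "*"; in glob, '*' matches one path segment.
    public MethodAwareAcl rule(String methods, String glob, String role) {
        Set<String> ms = methods.equals("*") ? Set.of()
                : new HashSet<>(Arrays.asList(methods.toUpperCase(Locale.ROOT).split(",")));
        // Quote the literal pieces so regex metacharacters in the path stay literal.
        String regex = Arrays.stream(glob.split("\\*", -1))
                .map(Pattern::quote).collect(Collectors.joining("[^/]+"));
        rules.add(new Rule(ms, Pattern.compile(regex), role));
        return this;
    }

    // path is assumed to be already decoded and normalized by the container.
    public boolean isAllowed(String method, String path, Set<String> callerRoles) {
        String m = method.toUpperCase(Locale.ROOT);
        for (Rule r : rules) {
            boolean methodMatches = r.methods().isEmpty() || r.methods().contains(m);
            if (methodMatches && r.path().matcher(path).matches()) {
                return r.role() == null || callerRoles.contains(r.role());
            }
        }
        return false; // no rule matched: deny, so unlisted verbs are not left open
    }

    public static void main(String[] args) {
        MethodAwareAcl acl = new MethodAwareAcl()
                .rule("GET,HEAD", "/users/*", null)                      // anyone may read
                .rule("POST,PUT,DELETE", "/users/*", "ROLE_USER_ADMIN"); // constructed role name
        Set<String> anon = Set.of();
        Set<String> admin = Set.of("ROLE_USER_ADMIN");
        System.out.println("GET   anon:  " + acl.isAllowed("GET", "/users/42", anon));
        System.out.println("POST  anon:  " + acl.isAllowed("POST", "/users/42", anon));
        System.out.println("POST  admin: " + acl.isAllowed("POST", "/users/42", admin));
        System.out.println("PATCH admin: " + acl.isAllowed("PATCH", "/users/42", admin));
    }
}
```

The last call in `main` exercises a verb that no rule lists; because the fallback is deny rather than allow, adding method-specific rules does not leave other methods on the same URL unprotected.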