Hi Les, > You could do that with authcBasic, but Kalle was pointing you to the > HttpMethodPermissionFilter because it is much better suited for > handling REST-based scenarios.
But HttpMethodPermissionFilter only seems to deal with permissions. It's the authentication I'm interested in. GETs and HEADs to a particular URL should not require authentication, but the POSTs, PUTs, and DELETEs should. BasicHttpAuthenticationFilter can't seem to handle this situation at the moment, but it seems trivial to add. The permissions I can handle easily in the Grails filters. Cheers, Peter
