Whatever I am discussing below is relevant for webapp (embeded servlet),
using Spring framework, it might be helpful for standalone:
I feel Security layers should be wrapping services, data, api layers.
Acegi provides good way to do this. Rest does core job of managing
resources and representations. Security maybe kept completely outside.
Hence Acegi can do filtering for /* and Rest context can be /rest/*
then you just configure acegi security for URLs that would hit Rest
resources.
This should automatically take care of securing resources?
I have working examples of:
1. Acegi + Spring that intercepts all and
any URLs and provides controlled access.
2. Spring + Restlet with use of WebApplication context
to get access to wired beans.
For Acegi + Spring + Restlet, all that would be needed is to
integrate above 2 and have them as 1 working example.
is there any webspace where I can upload this stuff?
