Hi, You can indeed manage security in a transversal way like you suggest. This is the approach taken by Servlets in general.
They are however some cases where you will need to manage security at a smaller grain or where you don't want to declare your URI mappings in multiple places. For example, a resource could change its representation depending on whether the user is authenticated or not, by accessing to the underlying domain object/database. Anyway, I encourage you to post your sample application on our community wiki at: http://wiki.restlet.org Best regards, Jerome > -----Message d'origine----- > De : news [mailto:[EMAIL PROTECTED] De la part de shlok > Envoyé : jeudi 1 mars 2007 22:50 > À : [email protected] > Objet : Re: Acegi and Restlet > > Whatever I am discussing below is relevant for webapp > (embeded servlet), > using Spring framework, it might be helpful for standalone: > I feel Security layers should be wrapping services, data, api layers. > Acegi provides good way to do this. Rest does core job of managing > resources and representations. Security maybe kept completely > outside. > > Hence Acegi can do filtering for /* and Rest context can be /rest/* > then you just configure acegi security for URLs that would hit Rest > resources. > This should automatically take care of securing resources? > > I have working examples of: > 1. Acegi + Spring that intercepts all and > any URLs and provides controlled access. > 2. Spring + Restlet with use of WebApplication context > to get access to wired beans. > > For Acegi + Spring + Restlet, all that would be needed is to > integrate above 2 and have them as 1 working example. > is there any webspace where I can upload this stuff? > >
