After a discussion on rest-discuss[1] we came to some conclusion that a clean way for a client to find its own user resource based on its authentication would ideally be something like:


GET /users;current  (or HEAD)
Authorization: (basic: stain:****)

307 Temporary redirect
Location: /users/stain
Vary: Authorization
Cache-Control: private

So the resource /users;current varies by Authorization (it is put behind a userguard to require auth), and it redirects to whatever is the current user's home.

(Vary says which headers in the client's request will make the response vary, typically Accept-Charset etc.)


Now I can't set the Vary header manually (it's one of the restricted headers), but Restlet provides a property called Dimensions for this purpose. The closest I could get was:


import org.restlet.Context;
import org.restlet.data.Dimension;
import org.restlet.data.Form;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.resource.Resource;

import com.noelios.restlet.http.HttpConstants;

// URIFactory, User and UserGuard are the project's own classes.
public class CurrentUserResource extends Resource {
        public CurrentUserResource(Context context, Request req, Response response) {
                super(context, req, response);
        }

        private static URIFactory uriFactory = URIFactory.getInstance();

        @Override
        public void handleGet() {
                // Set headers to indicate that this redirection is only valid with
                // current Authorization

                Form additionalHeaders = new Form();
                additionalHeaders.add("Cache-Control", "private");

                // FIXME: Should be able to do Vary: Authorization instead of *
                //additionalHeaders.add("Vary", "Authorization");
                getResponse().getDimensions().add(Dimension.UNSPECIFIED);

                getResponse().getAttributes().put(HttpConstants.ATTRIBUTE_HEADERS,
                        additionalHeaders);

                // The guard in front of this resource stores the authenticated user
                User user =
                        (User) getContext().getAttributes().get(
                                UserGuard.AUTHENTICATED_USER);
                getResponse().redirectTemporary(uriFactory.getURI(user));
        }
}



However Dimension.UNSPECIFIED would send a Vary: * so that all headers cause vary, but it's only Authorization that does.


Is it possible to add Vary: Authorized in some other way? The current Dimension enum doesn't have anything close.

Using:
        additionalHeaders.add("Vary", "Authorization");

gives:

WARNING: Addition of the standard header "Vary" is not allowed. Please use the Restlet API instead.

(even if getResponse().getDimensions() is empty, as when using handleGet())


[1] http://tech.groups.yahoo.com/group/rest-discuss/message/8464

--
Stian Soiland, myGrid team
School of Computer Science
The University of Manchester
http://www.cs.man.ac.uk/~ssoiland/
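
Why the post asks for Vary: Authorization rather than Vary: * or no Vary at all, as an added Python simulation that is not part of the original post and not Restlet code. It assumes a private cache (hypothetical `PrivateCache`) that ignores expiry, constructed credentials, and a stand-in origin for /users;current; the same cache is used by stain, then alice, then stain again.

```python
# Added illustration: a private cache that selects stored responses by URL
# plus the request headers named in Vary. Expiry handling is left out.
def cache_key(url, request_headers, vary):
    """Key a response is stored under; None means it can never be reused."""
    if vary.strip() == "*":
        return None  # Vary: * -> no later request matches this entry
    names = sorted(n.strip().lower() for n in vary.split(",") if n.strip())
    req = {k.lower(): v for k, v in request_headers.items()}
    return (url, tuple((n, req.get(n)) for n in names))

class PrivateCache:
    def __init__(self, origin):
        self.origin = origin
        self.entries = {}    # cache key -> stored response
        self.vary_for = {}   # url -> Vary value of the last origin response

    def fetch(self, url, request_headers):
        if url in self.vary_for:
            key = cache_key(url, request_headers, self.vary_for[url])
            if key is not None and key in self.entries:
                return self.entries[key], "HIT"
        response = self.origin(request_headers)
        self.vary_for[url] = response.get("Vary", "")
        key = cache_key(url, request_headers, self.vary_for[url])
        if key is not None:
            self.entries[key] = response
        return response, "MISS"

# Constructed credentials standing in for real Basic auth header values.
USERS = {"Basic stain-creds": "stain", "Basic alice-creds": "alice"}

def make_origin(vary):
    """Hypothetical origin for /users;current emitting the given Vary value."""
    def origin(request_headers):
        user = USERS[request_headers["Authorization"]]
        response = {"Location": "/users/" + user, "Cache-Control": "private"}
        if vary:
            response["Vary"] = vary
        return response
    return origin

def replay(vary):
    """Request /users;current as stain, alice, stain through one cache."""
    cache = PrivateCache(make_origin(vary))
    out = []
    for cred in ("Basic stain-creds", "Basic alice-creds", "Basic stain-creds"):
        response, state = cache.fetch("/users;current", {"Authorization": cred})
        out.append((response["Location"], state))
    return out
```

With no Vary header the second request (alice) is answered from the cache with /users/stain; Vary: * stays correct but is never reusable; Vary: Authorization is both correct and reusable per credential.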
