Not to start a fire, but I was curious what people thought about my  
approach to authentication with my RESTful application. I am currently  
using a Restlet authenticator (was using a Servlet filter) to  
authenticate incoming requests. Once authenticated, the request and  
response have a cookie added to their cookie collection. This cookie  
is also stored in an authentication tokens table the REST application  
has access to. The benefit of this is that it allows for a "login  
once" architecture without having to deal with the hazards of BASIC  
auth (never expiring, for example). However, I am pretty sure I am  
violating the spirit of REST by maintaining a form of state.

What do you think?

-- 
-a

"Only two things are infinite, the universe and human stupidity, and  
I'm not sure about the former."  --Einstein

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2394659
