I hope that this question is on-topic enough for the mailing group. I'm in the planning phase of designing Web application and I know from a high level that I want to use AJAX via REST and JSON (so, technically not AJAX, because the X stands for XML, but using XML seems nonsensical to me when working with Javascript on a Web page).
The thing is that I want a complete separation of the pages from the data. So, the pages would be served, not generated as with ASP.Net or PHP, etc.., and they would access data from a stand-alone Web Service, probably via JQuery controls using JSONP. The thing is the authentication. I want to do forms based authentication on the Web site and I'm trying to figure out the best way to build the Web Service so that it supports that. The Web Service will be implemented via Restlet, and I was thinking about implementing an Authentication resource. So, I could do GET /authentication (with headers containing credentials). A successful response would return a session cookie. The cookie value would also be stored server-side in some sort of thread-safe collection. Then, I would implement a filter on all other incoming requests to ensure that they contained a valid session. I have been playing around with Restlet for a couple of days now, and I've read most of the stuff on their site, used the Javadocs as a reference and even bought the Restlet in Action MEAP book. And, I think I understand how to implement what I have described above (the separate authenticator resource and the filter for session cookies), but I'm not sure if this would be the best way to implement it. I would be grateful for any advice. -- View this message in context: http://restlet-discuss.1400322.n2.nabble.com/AJAX-Architecture-tp5442526p5442526.html Sent from the Restlet Discuss mailing list archive at Nabble.com. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2648945
