Sure, I've done this type of request matching before so im familiar
with that.
In terms of implementing the digest auth on the server-side, We'll
need some stuff in lift to process the authorization and the headers.
Im guessing i'll need to modify some of the HTTP stuff to do this...
have you any suggestions for where this would fit best?
The request / response cycle as I understand it should be:
request -> challenge response -> request with credentials ->
authorization -> authorized or unauthorized response
OR
request with credentials -> authorization -> authorized or
unauthorized response
Cheers
Tim
On Nov 9, 2:00 pm, "David Pollak" <[EMAIL PROTECTED]>
wrote:
> I would do something like this in my DispatchPf:
>
> {
> case RequestState("api" :: _, _, ) if !goodAuthHeader => return 401
> case RequestSate(....) ....
>
> }
>
> So, the first pattern matches any API request (anything to "/api/...."). It
> tests for a good auth header (this is where your code pulls the auth header,
> inspects it against the RDBMS). If the auth fails, you return a 401 and
> none of the other cases are tested.
>
> Thanks,
>
> David
>
> On Sun, Nov 9, 2008 at 5:52 AM, Tim Perrett <[EMAIL PROTECTED]> wrote:
>
> > > For standard HTML pages or for for REST (Dispatch) or for both?
>
> > Sure, for REST dispatch. For instance, listing users and there details
> > would be restricted functionality which requires authentication.
>
> --
> Lift, the simply functional web frameworkhttp://liftweb.net
> Collaborative Task Managementhttp://much4.us
> Follow me:http://twitter.com/dpp
> Git some:http://github.com/dpp
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
