Perfect! Thanks a lot. I will download and play with it. One more thing. Would it make sense to add rest:authenticationMethod as well? This way we can use/define different authentication method for different functions.
I can see using windows authentication as default and using login based authentication for few methods that require extra security. Sumit Verma Partner / Vice President | ten24, LLC office: 877.886.5806 x 103 | mobile: 617.290.8214 www.ten24web.com | www.linkedin.com/in/sverma | twitter: blogonria On Tue, Oct 5, 2010 at 11:52 PM, Peter J. Farrell <[email protected]> wrote: > Sumit Verma said the following on 10/05/2010 10:23 PM: > > Would it make sense to add this (rest:secure) to be part of base >> implementation and add a method/variable that will tell us in preProcess if >> the call needs authentication or not? >> > I was working on this evening actually! Here's part of a draft email to > the development list about it: > > ---- > > This would apply not only to the REST endpoint but also to the File > endpoint and probably any other endpoint that is created. I choose > rest:authenticate over rest:secure because "secure" in the event handling > part of the framework will be indicating HTTP/HTTPS event-handlers. I > didn't want that to be confusing. > > I'm starting to think that we should implement an "onAuthenticate" method > in the AbstractEndpoint so it's available to all endpoints if it is > implemented and easily overridden. It would be called between the > "preProcess" and "handleRequest" method automatically. The concrete > endpoint would implement the functionality in the onAuthenticate() method. > > The REST Endpoint would be special we indicate which REST URIs need to be > authenticated. > > Globally: > > <cfcomponent rest:authentication="true"> > > Granularly (overriding the default "global" setting): > > <cffunction name="getXYZ" rest:authentication="true"> > > onAuthenticate in REST based endpoints is only run if defined by the > concrete endpoint implementation. > > This ticket has been completed > http://trac.mach-ii.com/machii/ticket/714 > > ---- > > Essentially, you would create an onAuthenticate() method in your concrete > REST CFC and you can get at that metadata by using the follow example. > GetAuthenticateDefault() is the value from rest:authenticate on the > CFCOMPONENT whereas calling getUriMetadataParameter("authenticate") is the > value that that base REST endpoint discovered for you as rest:authenticate > on your CFFUNCTION tag. > > <cffunction name="onAuthenticate" access="public" returntype="void" > output="true" > hint="Runs authentication."> > <cfargument name="event" type="MachII.framework.Event" required="true" /> > > <cfset var restUri = arguments.event.getArg("restUri") /> > > <!--- Authenticate the request via HTTP basic authentication ---> > <cfif restUri.getUriMetadataParameter("authenticate", > getAuthenticateDefault()) AND NOT > variables.authentication.authenticate(getHTTPRequestData().headers)> > <cfoutput><cfinclude > template="/MachII/dashboard/endpoints/Unauthorized.cfm" /></cfoutput> > <!--- This is the one time we don't want the endpoint exception handling to > process ---> > <cfabort> > </cfif> > </cffunction> > > HTH, > .Peter > > -- > You received this message because you are subscribed to Mach-II for CFML > list. > To post to this group, send email to > [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/mach-ii-for-coldfusion?hl=en > > ***New URLs as of April 29th, 2010*** > SVN: http://svn.mach-ii.com/machii/ > Wiki / Documentation / Tickets: http://trac.mach-ii.com/machii/ > -- You received this message because you are subscribed to Mach-II for CFML list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/mach-ii-for-coldfusion?hl=en ***New URLs as of April 29th, 2010*** SVN: http://svn.mach-ii.com/machii/ Wiki / Documentation / Tickets: http://trac.mach-ii.com/machii/
