Hi all, I have implemented the HTTP basic authentication and HTTP digest authentication. I have used HTTP authentication hooks in PHP for implementing this. This implementation has a limitation - it runs only when PHP is running as an Apache module and is not available in the CGI version.
Implementing basic authentication was quite easy. It involves checking of the inbuilt variable $_SERVER['PHP_AUTH_USER'] and sending HTTP header WWW-Authenticate: Basic realm="Mapbender REST". Implementing digest authentication was a bit tedious. We need to send nonce using uniqid() function along with realm and WWW-Authenticate in the http header. And then followed the RFC 2069 scheme to calculate the hash and verify the client response. This authentication implementation is modular and can be easily plugged in with any REST api call which will be implemented. I also wrote a basic framework of REST API calls. This includes calss which will handle and process all REST API requests. Another class for sending REST response back to the clients. I am using standard HTTP response codes for sending response. I used this list for reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html I am saving the response codes in an ini file. This ini file will be parsed by the php to respond to REST requests. With 3 basic module - Authentication, Class for handling REST requests and Class for sending back response to clients - I am all set to implement the REST API requests. I have started with mb_users. Please comment on the progress. Vikas
_______________________________________________ Mapbender_dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapbender_dev
