Currently AIUI most methods can be invoked using either GET or POST. In some circumstances the former is dangerous, and in others inefficient at leveraging Web infrastructure. Are you proposing that we support only one possibility for each operation? That is, an operation not marked as safe cannot be accessed through GET, only through POST, and a safe operation can only be accessed through GET? (Or whatever HTTP method was specified.)
I think this is good - the only functionality that is restricted is dangerous functionality. The recent improvement to the Tryit which writes the GET url for you on safe operations only works on safe (or GET) operations, so I'd like to encourage authors to use the safety annotation so they can get this functionality. If it can be extended to other methods such as DELETE that sounds good too. As for 1.1, how much work would it be? I could live without it if we're starting to feel burdened. Jonathan Marsh - http://www.wso2.com - http://auburnmarshes.spaces.live.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Keith Chapman > Sent: Monday, April 21, 2008 8:06 AM > To: mashup-dev > Subject: [mashup-dev] Restrict REST access to a single HTTP method > > Hi all, > > An Axis2 user posted the following question to me > > "Can I call service using only one REST method, for example POST and if > I call service using any other method (GET, PUT, DELETE) axis2 > generates > response with status 405 Method not allowed ? If there is possibility > to > do this, where i can set this option in configuration of axis2." > > I think this is a feature that we should have. Its too late to get this > feature into Axis2 now (as axis2 will be releasing in a week or so). > Shall we implement this feature for 1.1? From an implementation point > of > view it can be done easily using a axis2 module. > > Also I would like us to restrict GET access to operations that are > explicitly marked as safe. > > WDYT? > > Thanks, > Keith. > > _______________________________________________ > Mashup-dev mailing list > [email protected] > http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev _______________________________________________ Mashup-dev mailing list [email protected] http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
