RE: Re: securing the whole application

2009-04-30 Thread webpost
Thanks. I'll try that.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1978079


RE: Re: securing the whole application

2009-04-29 Thread jp
Just one more question: Let's say that I have the resource User.

GET user/{username} - get the user representation identified by {username}

I want to filter the information sent back in the Representation of the user,
for example: Let's say the user is authenticated in and he requests his profile
by using GET user/{username}. He can get all the information of the user
profile and even put some modifications back. However if the user is
authenticated, he can get only a limited set of that same information and
cannot put any kind of change.

What is the best approach to deal with this?

One alternative may be to have two different representations: one for
authenticated users and another for not authenticated users? In this case may
we have a Guard that authenticates the user based on a cookie, for example,
and forwards the request to the same restlet but to generate different
representations based on the outcome of the authentication?

May I have your opinions or known best practices around my issue?

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1967653


RE: Re: securing the whole application

2009-04-29 Thread jp
Sure it helped.  Thanks.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1967245


RE: Re: securing the whole application

2009-04-29 Thread Jerome Louvel
Hi Jao,

Personally, I would handle this inside your target Resource (or
ServerResource in Restlet 1.2) subclass. Regarding the representation you
could have two or just one defined as a template representation (see
FreeMarker and Velocity extensions).
 
Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com


-----Original Message-----
From: jp [mailto:joaomiguel.pere...@gmail.com]
Sent: Tuesday, April 28, 2009 21:42
To: discuss@restlet.tigris.org
Subject: RE: Re: securing the whole application

Just one more question: Let's say that I have the resource User.

GET user/{username} - get the user representation identified by {username}

I want to filter the information sent back in the Representation of the
user, for example: Let's say the user is authenticated in and he requests his
profile by using GET user/{username}. He can get all the information of the
user profile and even put some modifications back. However if the user is
authenticated, he can get only a limited set of that same information and
cannot put any kind of change.

What is the best approach to deal with this?

One alternative may be to have two different representations: one for
authenticated users and another for not authenticated users? In this case
may we have a Guard that authenticates the user based on a cookie, for
example, and forwards the request to the same restlet but to generate
different representations based on the outcome of the authentication?

May I have your opinions or known best practices around my issue?

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1967653

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1982871
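
The approach suggested in the reply above (deciding inside the target Resource), as an added example that is not code from the thread or from the Restlet project. It goes one step beyond authenticated versus not by comparing the authenticated identifier with {username}; it assumes the Restlet 1.1 API, a Guard in front that has already verified the credentials, a route of "/user/{username}", and a constructed in-memory EMAILS map in place of real storage.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.restlet.Context;
import org.restlet.data.*;
import org.restlet.resource.*;

// Added example, Restlet 1.1 API; attach it to the router as "/user/{username}".
public class UserResource extends Resource {
    // Constructed in-memory store standing in for real persistence.
    private static final Map<String, String> EMAILS = new ConcurrentHashMap<String, String>();
    private final String requested; // {username} taken from the URI
    private final boolean owner;    // caller is asking for their own profile

    public UserResource(Context context, Request request, Response response) {
        super(context, request, response);
        requested = (String) request.getAttributes().get("username");
        // Assumption: a Guard in front has verified these credentials.
        // The challenge response is null when the client sent none.
        ChallengeResponse cr = request.getChallengeResponse();
        owner = cr != null && requested != null && requested.equals(cr.getIdentifier());
        setModifiable(true); // let PUT reach storeRepresentation()
        getVariants().add(new Variant(MediaType.TEXT_PLAIN));
    }

    @Override
    public Representation represent(Variant variant) throws ResourceException {
        StringBuilder text = new StringBuilder("username=" + requested + "\n");
        if (owner && EMAILS.containsKey(requested)) { // private field, owner only
            text.append("email=").append(EMAILS.get(requested)).append("\n");
        }
        return new StringRepresentation(text.toString(), MediaType.TEXT_PLAIN);
    }

    @Override
    public void storeRepresentation(Representation entity) throws ResourceException {
        if (!owner) { // enforce on every write, not only in the view
            throw new ResourceException(Status.CLIENT_ERROR_FORBIDDEN);
        }
        try {
            String email = entity.getText();
            if (email == null) throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST);
            EMAILS.put(requested, email);
        } catch (IOException e) {
            throw new ResourceException(Status.SERVER_ERROR_INTERNAL, e);
        }
        getResponse().setStatus(Status.SUCCESS_NO_CONTENT);
    }
}
```

The same resource class serves both views, so the limited and full representations cannot drift apart, and the write check lives next to the data rather than in the routing layer.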


securing the whole application

2009-04-27 Thread joao pereira
Hi, 

How to secure all the application instead of each route?

if this seems to be a newbie question it's because I'm a newbie :)

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1946647


Re: securing the whole application

2009-04-27 Thread Matt
Hi João,

Luckily Restlet makes this sort of thing really easy. 

All you need to do is make the Guard (or ChallengeGuard in M2) handle and
forward the requests once you've authenticated the user. I.e. something like:

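  public Restlet createRoot() {
      // Every route is attached to a single router...
      Router securedRouter = new Router(getContext());

      securedRouter.attach("/users", UsersResource.class);
      securedRouter.attach("/user/{id}", UserResource.class);

      // ...and the Guard sits in front of that router, so each request
      // is authenticated before it is routed.
      Guard guard = new Guard(getContext(), ChallengeScheme.HTTP_BASIC,
              "whatever");
      guard.setNext(securedRouter);
      return guard;
  }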

Hope that vaguely helps,
Matt


João Pereira wrote:
>
> Hi,
>
> How to secure all the application instead of each route?
>
> if this seems to be a newbie question it's because I'm a newbie :)
>
> --
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1946647
>

-- 
View this message in context: 
http://n2.nabble.com/securing-the-whole-application-tp2726872p2729929.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1957093