Schley,
No risk of fire here; it is a common workaround for authentication to use
cookies. We are even planning direct support for this in the Restlet
Framework; see this RFE:
Support cookie based authentication
http://restlet.tigris.org/issues/show_bug.cgi?id=605
Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com
-----Original Message-----
From: Schley Andrew Kutz [mailto:sak...@gmail.com]
Sent: Monday, 14 September 2009 17:06
To: discuss@restlet.tigris.org
Subject: REST and Authentication
Not to start a fire, but I was curious what people thought about my
approach to authentication with my RESTful application. I am currently
using a Restlet authenticator (was using a Servlet filter) to
authenticate incoming requests. Once authenticated, the request and
response have a cookie added to their cookie collection. This cookie
is also stored in an authentication tokens table the REST application
has access to. The benefit of this is that it allows for a login-once
architecture without having to deal with the hazards of BASIC
auth (never expiring, for example). However, I am pretty sure I am
violating the spirit of REST by maintaining a form of state.
What do you think?
--
-a
Only two things are infinite, the universe and human stupidity, and
I'm not sure about the former. --Einstein
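The scheme described in the thread (authenticate once, hand out a cookie, keep it in a tokens table, let it expire), sketched as an added example that is not part of either message and is not Restlet code. The class and method names are hypothetical; it uses only the JDK (Java 16+ for records), and storing the SHA-256 of the token rather than the token itself is an assumption of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical tokens table: SHA-256(token) -> session, so a leaked table yields no usable cookies.
public class AuthTokenTable {
    private record Session(String user, Instant expires) {}
    private final ConcurrentHashMap<String, Session> table = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl;
    public AuthTokenTable(Duration ttl) { this.ttl = ttl; }

    // Called once, after the authenticator has verified credentials; returns the cookie value.
    public String issue(String user, Instant now) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        table.put(digest(token), new Session(user, now.plus(ttl)));
        return token;
    }

    // Called on every later request; unknown or expired tokens authenticate nobody.
    public Optional<String> validate(String token, Instant now) {
        if (token == null) return Optional.empty();
        String key = digest(token);
        Session s = table.get(key);
        if (s != null && now.isBefore(s.expires())) return Optional.of(s.user());
        table.remove(key);                               // drop expired row (no-op if unknown)
        return Optional.empty();
    }

    private static String digest(String token) {
        try {
            byte[] h = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(h);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
    public static void main(String[] args) {
        AuthTokenTable t = new AuthTokenTable(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2009-09-14T17:06:00Z");   // constructed timestamp
        String cookie = t.issue("alice", t0);                 // constructed user name
        System.out.println("within TTL: " + t.validate(cookie, t0.plusSeconds(60)));
        System.out.println("after TTL: " + t.validate(cookie, t0.plusSeconds(3600)) + ", forged: " + t.validate("forged", t0));
    }
}
```

The value returned by `issue` would be sent as a cookie marked `Secure` and `HttpOnly`, so it travels only over TLS and is not readable from page scripts.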