Hi all,
Is it possible to secure rest easy in such a way that you can allow
unauthenticated users to, say, GET a resource, but only permit authenticated
users in the correct roles to POST. Since the resource would using the same
url pattern, presumably the entry in web.xml security constraint
(web-resource-collection) would cover be apply regardless and the client
would be required to authenticate even if they were just trying to do a GET.
An example, in case my attempt at describing the problem in a generic way
fell flat on its face :p
Let's say I have an API that allows you to create a bunch of "widgets". You
can do so by sending an HTTP *POST *to */widgets*, but you must be
authenticated. If you want to look at the list of widgets that people have
created, you can do so by sending an HTTP *GET *to */widgets*, but we you
don't have to be authenticated.
Possible?
Thanks in advance,
H.Y.
------------------------------------------------------------------------------
10 Tips for Better Web Security
Learn 10 ways to better secure your business today. Topics covered include:
Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
security Microsoft Exchange, secure Instant Messaging, and much more.
http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
