We just use basic auth. take a look at: http://incubator.apache.org/shiro/web.html
Basically you just treat it as a normal web app, just configure you services with different permissions. On Thu, Sep 16, 2010 at 12:21 PM, tim.sparg <[email protected]>wrote: > > Hi all > > I’m working on a project where RESTful web services will be exposed to a > client (Initially Java Desktop/web start, but with the view of expanding > the > usage over time) > The idea is that in the beginning all web services will be restricted, and > then over time we will allow non-authenticated users/applications access to > the services. > > What would the most seamless way to integrate Shiro and RESTful webservices > be? > I’ve seen mention of a token that would be passed around with every call > from the client to the web service, however that just seems a little > clunky... > > Is there a more transparent/easier to implement way to do this? > > Cheers > Tim > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Shiro-and-RESTful-web-services-tp5539212p5539212.html > Sent from the Shiro User mailing list archive at Nabble.com. >
