Hi Don, I think we are using WS-Security, but I have not been too involved in it. I just wanted to confirm that a reasonable equivalent was available.
Is it possible with the S2 plugin to do one of the classical examples of getting resources by date, e.g. /orders/2007/12/13? It would be great if you could map that onto something like a Joda MutableDateTime. From the wiki you just seem to be able to have a single ID parameter set on your action. I really like the Django approach of a mapping script where you define regex expressions which map onto functions with all the defined parameter placeholders.

Martin.

----- Original message -----
From: "Don Brown" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>
Date: Fri, 14 Dec 2007 09:48:03 +1100
Subject: Re: REST plugin and security

If you are putting username and password in the soap headers, why not just use basic authentication for your REST services, which basically does the same thing? If over the wire security is a problem, use HTTPS.

Don

On Dec 14, 2007 1:44 AM, Martin Gilday <[EMAIL PROTECTED]> wrote:
> Hi,
> We are interested in using the REST plugin to extend customer choice and
> complement our WS-* services. We are particularly interested in the
> multiple response types (.xml, .json etc). One thing I am not sure of
> is how we handle security. Say we have an order (/order/1234.xml), how
> can we protect this so this is only available to the owner of the order?
> In our current system they would provide their username and password in
> the soap security headers. We use Acegi/Spring Security. This is
> probably more of a general REST issue, but I am interested in if the
> plugin helps out at all.
>
> Thanks,
> Martin.