
christian at lackas
May 21, 2009, 2:25 AM
* Ivan Wills <ivan.wills[at]gmail.com> [090521 09:23]:

Hi Everybody,

I already did some googling, but did not find a satisfying answer yet.

What is the state-of-the-art approach to control access to REST resources?

For the regular (browser-based) web interface, I use Catalyst's Authentication, Authorization::Roles and Authorization::ACL, which is session and thus cookie based; thus it does not fit REST.

So I looked into providing user information in the URL, such as

http://user:pass[at]host/webdisk/data/path/to/file

(for which I found Apache Rewrite rules to pass this information down to Catalyst via FastCGI); however, I am not so convinced of this approach.

Would it still be considered RESTful if I issue an auth token, e.g. via

http://user:pass[at]host/webdisk/login/username/password (returning token)

and then use nouns such as

http://user:pass[at]host/webdisk/TOKEN/data/path/to/file

Does Catalyst provide any plugins for this? Could not find anything on CPAN.

Thanks for your input
Christian

_______________________________________________
List: Catalyst[at]lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst[at]lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/