On 06/10/2014, at 8:45 AM, John Huss <[email protected]> wrote:

> REST basically just means HTTP, so the answer is to use HTTP auth, most 
> likely BASIC auth.  This can be done two ways:
> 
> 1) If your apps are fronted by Apache (which they probably are), then you can 
> use Apache's built-in authorization functionality, the simplest form of which 
> is just to declare users in flat text files.  There are probably many other 
> ways to store the user info.
> 
> 2) You can do the auth inside your app.  Globally in 
> Application.dispatchRequest or more granularly in your route class (which is 
> just a DirectAction subclass) in DirectAction.performAction.  You just have 
> to read the Authorization header and parse it, then check for the user and 
> password in your database or whatever.  I don't believe there is an 
> implementation in Wonder, but if not there should be.
> 

Hi list,

We do something similar in our apps using ERRest: insert a class between your 
entity controller classes and ERXDefaultRouteController (or similar), extend 
that class from the Controllers you care about, override performActionNamed() 
and authenticate either the WOSession or another method of authentication (HMAC 
account and signatures for example). I insert the authentication 
credentials/session info into the rest context userInfo, so I can do further EO 
based checks against a rest verb action (DELETE, PUT, etc) in the controller of 
the EO.

Also, the rest context userInfo helps you in your ERXAbstractRestDelegate 
subclasses. You can retrieve the, for example, external ERP system credentials 
from the rest context to facilitate your:

createObjectOfEntityWithID

and

objectOfEntityWithID

and

primaryKeyForObject

methods. Helps when you are creating or fetching EOs and need to 
build-a-relationship or check or filter against an Organisation or Company 
object, for example.

Lastly, that default controller subclass comes in handy if you want to finesse 
any OPTIONS calls, or modify any header values in egress or ingress, and 
similar common operations.

Regards,

Matt
--
http://logicsquad.net



> 
> On Sat, Oct 4, 2014 at 9:01 AM, Gabor Raz <[email protected]> wrote:
>  Hi Guys,
> 
> I normally make my own projects with Node.js. Most of them with the MEAN.IO 
> framework. But I also came in touch with WebObjects / Project WOnder during 
> my training. 
> 
> Now I would like to convert a node application into a wonder application. And 
> here I have a question. How do I create an authentication via REST and make my 
> routes only available for authenticated users? 
> 
> Thanks in advance 
> Gabor Raz
> 
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list      ([email protected])
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/johnthuss%40gmail.com
> 
> This email sent to [email protected]
> 
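
The header parsing and credential check described in option 2 of the first reply, as an added example that is not code from this thread, from Wonder or from ERRest. It uses only the JDK; the class name, the in-memory user store, the shared salt and the sample credentials are all hypothetical, and the `authenticate` call is assumed to be made from whatever hook the app uses (for example the `performActionNamed()` override mentioned above).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper: none of these names come from Wonder or ERRest.
public class BasicAuthCheck {
    // Constructed, shared salt to keep the example short; store one random salt per user in practice.
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);

    // Returns {user, password}, or null for anything that is not well-formed Basic auth.
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');   // split on the FIRST colon: passwords may contain ':'
            if (colon < 1) return null;         // no separator, or empty user name
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException badBase64) {
            return null;                        // malformed Base64 is rejected, not propagated
        }
    }

    static byte[] hash(String password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // True only when the header parses and the presented password hashes to the stored value.
    static boolean authenticate(String header, Map<String, byte[]> store) throws Exception {
        String[] cred = parse(header);
        if (cred == null) return false;
        byte[] stored = store.get(cred[0]);
        byte[] presented = hash(cred[1]);       // hash even for unknown users so timing stays similar
        return stored != null && MessageDigest.isEqual(stored, presented);  // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        Map<String, byte[]> store = Map.of("alice", hash("s3cret:pw"));     // constructed user store
        Base64.Encoder enc = Base64.getEncoder();
        String good = "Basic " + enc.encodeToString("alice:s3cret:pw".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + enc.encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        for (String h : new String[] { good, bad, "Basic !!!", null })
            System.out.println(h + " -> " + authenticate(h, store));
    }
}
```

When `authenticate` returns false the route should answer 401 with a `WWW-Authenticate: Basic` header, and because Basic credentials are only Base64-encoded the endpoint needs to be served over TLS.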
