Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
1.6.0, 2.0.0
-
None
Description
Now we have basic http auth. Quick shot is adding digest as it is supported by Restlet, but I have something more in mind. As I'm using token based auth and for me http auth is not suitable (pushing credentials back and forth all the time etc). How about a pattern where from one endpoint you can consume a ticket/token/sessionId and you can use it as a header to authenticate? As now the realm is to keep login and pass and it could be something like a bean that can validate the token. Of course that data would not be static so it is more about a callback (eg. getTokens()) than a static map/list. And finally as we have the uri we can resolve an "operation" and do authorization (so uri+method is the target). I mean in my project I have processor that does stuff like that and it would be cool to have all those things in one place in consumer (and provide only data and have skeletal logic under the hood).
Now the question is if my idea makes sense and if so what are your suggestions on how to implement that w/o reinventing the wheel (and not using ACEGI 
)
Btw, Claus, William - logs about attaching/detaching restlets are at info level and it's kind of spamming if there are say 20 endpoints... Maybe it should be at debug?