[Catalyst] RESTful authentication
Christian Lackas
christian at lackas.net
Thu May 21 09:25:39 GMT 2009
* Ivan Wills <ivan.wills at gmail.com> [090521 09:23]:
Hi Everybody,
I already did some googling, but did not find a satisfying answer yet.
What is the state-of-the-art approach to control access to REST resources?
For the regular (browser based) web interface, I use Catalyst's
Authentication, Authorization::Roles and Authorization::ACL, which is
session and thus cookie based; thus does not fit REST.
So I looked into providing user information in the URL, such as
http://user:pass@host/webdisk/data/path/to/file
(for which I found Apache Rewrite rules to pass this information down to
Catalyst via FastCGI), however, I am not so convinced of this approach.
Would it still be considered RESTful, if I issue an auth token, e.g.
via
http://user:pass@host/webdisk/login/username/password (returning token)
and then use nouns such as
http://user:pass@host/webdisk/TOKEN/data/path/to/file
Does Catalyst provide any plugins for this? Could not find anything on
CPAN.
Thanks for your input
Christian